IOS Webvpn configuration

Hi All,

I am learning WebVPN in my home lab. The config below was generated by SDM, but I made some manual changes as well. After numerous verifications, it seems that everything is supposed to be working, but it's not. When I opened up IE and typed 10.112.2.24/webvpn.html, IE returned 404 not found. I am pretty is

Thanks for the help,

!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 8
logging message-counter syslog
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authorization exec default local
aaa accounting send stop-record authentication failure
!
!
aaa session-id common
dot11 syslog
ip source-route
!
!
!
!
ip cef
ip ips notify SDEE
ip ips name sdm_ips_rule
!
multilink bundle-name authenticated
!
!
username sapa privilege 15 password 7 *******
interface FastEthernet0/1
 description $ES_LAN$
 ip address 10.112.22.24 255.255.255.0
 ip virtual-reassembly
 duplex auto
 speed auto
!
ip local pool WEBVPN-CLIENT-POOL 10.11.27.5 10.11.27.25
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1 10.112.22.1
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
!
line con 0
 privilege level 15
line aux 0
line vty 0 4
 privilege level 15
 login authentication ssh
 transport input ssh
line vty 5 15
 privilege level 15
 login authentication ssh
 transport input ssh
!
scheduler allocate 20000 1000
!
webvpn gateway lab_test
 hostname WebVPN_SERVER
 ip address 10.112.22.24 port 443
 http-redirect port 80
 ssl trustpoint TP-self-signed-3824499528
 inservice
!
webvpn install svc flash:/webvpn/anyconnect-dart-win-2.5.2014-k9.pkg sequence 1
webvpn context WEB_VPN_TEST
 secondary-color white
 title-color #CCCC66
 text-color black
 ssl authenticate verify all
 !
 url-list "prepaid"
   heading "Dealer-access"
   url-text "dealer" url-value "http://prepaid.portal.com/"
 !
 login-message "Please Enter your Credential:"
 !
 policy group policy_1
   url-list "http://veal.portal.com"
   url-list "prepaid"
   functions svc-enabled
   mask-urls
   svc address-pool "WEBVPN-CLIENT-POOL"
   svc keep-client-installed
   svc msie-proxy option auto
   svc split exclude local-lans
   svc split exclude 10.1XX.XX.0 255.255.0.0
   svc dns-server primary 4.2.2.2
   svc dns-server secondary 4.2.2.1
 default-group-policy policy_1
 aaa authentication list sdm_vpn_xauth_ml_1
 gateway lab_test
 max-users 2
 inservice
!

---------
*Dec 29 22:05:56.995: WV: sslvpn process rcvd context queue event
*Dec 29 22:05:56.999: WV: sslvpn process rcvd context queue event
*Dec 29 22:05:57.051: WV: sslvpn process rcvd context queue event
*Dec 29 22:05:57.051: WV: Entering APPL with Context: 0x65D37578,
      Data buffer(buffer: 0x65D71BB0, data: 0xE7762298, len: 523,
      offset: 0, domain: 0)
*Dec 29 22:05:57.051: WV: http request: /webvpn.html with no cookie
*Dec 29 22:05:57.051: WV: Client side Chunk data written..
buffer=0x65D71B90 total_len=135 bytes=135 tcb=0x6651A534
*Dec 29 22:05:57.051: WV: sslvpn process rcvd context queue event

1 Reply

Shilpa Gupta
Cisco Employee

Hi,

Please check if the certificate is valid by using 'sh crypto ca cert', and also create a trustpoint and generate the certificate again by using the following commands:

[1] Generate keys by using the label

crypto key gen rsa label SSL

[2] Create trustpoint

crypto pki trustpoint SSL
 enrollment self-signed
 subject-name cn=ip-address
 revocation-check none
 rsakeypair SSL
 exit

[3] Enroll the trustpoint

crypto pki enroll SSL

[4] Check the certificate by using 'sh crypto ca cert'

Then assign the trustpoint under webvpn gateway

webvpn gateway lab_test
 hostname WebVPN_SERVER
 ip address 10.112.22.24 port 443
 http-redirect port 80
 ssl trustpoint SSL
 inservice

Use the above steps and let me know if it helps.
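
Added example, not part of the original thread or of any Cisco tool: a small Python check that every name a WebVPN configuration refers to (trustpoint, gateway, address pool, AAA list) is also defined in the same text. `CHECKS`, `dangling_refs`, `SAMPLE` and `FIXED` are names made up for this example, the patterns cover only the commands that appear in this thread, and the sample is a constructed excerpt of the posted configuration.

```python
import re

# (kind, reference regex, definition regex); group 1 captures the name.
CHECKS = [
    ("trustpoint", r"^\s*ssl trustpoint (\S+)", r"^crypto pki trustpoint (\S+)"),
    ("gateway", r"^\s*gateway (\S+)", r"^webvpn gateway (\S+)"),
    ("address pool", r'^\s*svc address-pool "?([^"\s]+)', r"^ip local pool (\S+)"),
    ("aaa list", r"^\s*aaa authentication list (\S+)", r"^aaa authentication login (\S+)"),
    ("aaa list", r"^\s*login authentication (\S+)", r"^aaa authentication login (\S+)"),
]

def dangling_refs(config):
    """Return sorted (kind, name) pairs that are referenced but never defined."""
    missing = set()
    for kind, ref_re, def_re in CHECKS:
        defined = set(re.findall(def_re, config, re.M))
        for name in re.findall(ref_re, config, re.M):
            if name not in defined:
                missing.add((kind, name))
    return sorted(missing)

# Constructed excerpt of the configuration as posted; the post shows no
# "crypto pki trustpoint" block, so none appears here.
SAMPLE = """\
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 local
ip local pool WEBVPN-CLIENT-POOL 10.11.27.5 10.11.27.25
line vty 0 4
 login authentication ssh
webvpn gateway lab_test
 ip address 10.112.22.24 port 443
 ssl trustpoint TP-self-signed-3824499528
 inservice
webvpn context WEB_VPN_TEST
 policy group policy_1
   svc address-pool "WEBVPN-CLIENT-POOL"
 aaa authentication list sdm_vpn_xauth_ml_1
 gateway lab_test
 inservice
"""

# Same excerpt after the reply's steps: trustpoint SSL defined and assigned.
FIXED = ("crypto pki trustpoint SSL\n enrollment self-signed\n rsakeypair SSL\n"
         + SAMPLE.replace("TP-self-signed-3824499528", "SSL"))

if __name__ == "__main__":
    for label, cfg in (("as posted", SAMPLE), ("after reply", FIXED)):
        print(label, dangling_refs(cfg))
```

A paste that leaves out part of the running configuration is reported as missing definitions, so run the check on the full `show running-config` output.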