Cisco ASA/WebVPN
Material from Xgu.ru
Configuring WebVPN (clientless SSL VPN) on a Cisco ASA.
Configuring WebVPN
Enable WebVPN on the outside interface and the HTTP server that serves the portal:
ASA1(config)# webvpn
ASA1(config-webvpn)# enable outside
ASA1(config-webvpn)# exit
ASA1(config)# http server enable
Create the tunnel group (connection profile) for WebVPN and point it at a NetBIOS name server for CIFS browsing:
ASA1(config)# tunnel-group WEBVPN type webvpn
ASA1(config)# tunnel-group WEBVPN webvpn-attributes
ASA1(config-tunnel-webvpn)# nbns-server 10.0.1.2
ASA1(config-tunnel-webvpn)# exit
Create a group policy that allows only the WebVPN tunnel protocol:
ASA1(config)# group-policy WEBVPN internal
ASA1(config)# group-policy WEBVPN attributes
ASA1(config-group-policy)# vpn-tunnel-protocol webvpn
ASA1(config-group-policy)# exit
Create a local user and bind it to the group policy:
ASA1(config)# username cisco password cisco
ASA1(config)# username cisco attributes
ASA1(config-username)# vpn-group-policy WEBVPN
ASA1(config-username)# exit
Define the bookmark list (a web server and a CIFS share) and enable URL entry and file access in the group policy:
ASA1(config)# url-list URLs "INHOST_SERVER" http://10.0.1.2
ASA1(config)# url-list URLs "CIFS SHTUKI" cifs://10.0.1.2/SNPA
ASA1(config)# group-policy WEBVPN attributes
ASA1(config-group-policy)# webvpn
ASA1(config-group-webvpn)# functions url-entry file-access file-entry file-browsing
ASA1(config-group-webvpn)# url-list value URLs
ASA1(config-group-webvpn)# exit
Configuring port forwarding (local port 2222 on the client is forwarded to Telnet, port 23, on 10.0.1.2):
ASA1(config)# port-forward APPL 2222 10.0.1.2 23
ASA1(config)# group-policy WEBVPN attributes
ASA1(config-group-policy)# webvpn
ASA1(config-group-webvpn)# functions url-entry file-access file-entry file-browsing port-forward
ASA1(config-group-webvpn)# port-forward value APPL
Viewing information
sh vpn-sessiondb webvpn
Sample command output:
asa2#sh vpn-sessiondb webvpn

Session Type: WebVPN

Username     : xguru                  Index        : 1
Public IP    : 192.168.1.100
Protocol     : Clientless
Encryption   : RC4                    Hashing      : SHA1
Bytes Tx     : 8539889                Bytes Rx     : 449408
Group Policy : sslvpn-pol             Tunnel Group : DefaultWEBVPNGroup
Login Time   : 10:54:11 UTC Sat Apr 9 2011
Duration     : 0h:47m:54s
NAC Result   : Unknown
VLAN Mapping : N/A                    VLAN         : none

Username     : cisco                  Index        : 2
Public IP    : 192.168.1.100
Protocol     : Clientless
Encryption   : RC4                    Hashing      : SHA1
Bytes Tx     : 8539889                Bytes Rx     : 449408
Group Policy : easy-pol               Tunnel Group : DefaultWEBVPNGroup
Login Time   : 11:07:36 UTC Sat Apr 9 2011
Duration     : 0h:34m:29s
NAC Result   : Unknown
VLAN Mapping : N/A                    VLAN         : none
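As an added example (not from the Xgu.ru page and not an ASA feature), the following Python script parses the two-column "Label : value" layout of the sh vpn-sessiondb webvpn output shown above into one record per session and audits the records: it flags sessions that still negotiate a cipher such as RC4 and sessions that have been open longer than a configurable limit. The sample input is constructed from the page's own output; the 8-hour limit and the weak-cipher set are assumptions for the example.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample input: the two sessions from the "sh vpn-sessiondb webvpn"
# output above, in the two-column layout the ASA prints.
SAMPLE_OUTPUT = """\
Session Type: WebVPN

Username     : xguru                  Index        : 1
Public IP    : 192.168.1.100
Protocol     : Clientless
Encryption   : RC4                    Hashing      : SHA1
Bytes Tx     : 8539889                Bytes Rx     : 449408
Group Policy : sslvpn-pol             Tunnel Group : DefaultWEBVPNGroup
Login Time   : 10:54:11 UTC Sat Apr 9 2011
Duration     : 0h:47m:54s
NAC Result   : Unknown
VLAN Mapping : N/A                    VLAN         : none

Username     : cisco                  Index        : 2
Public IP    : 192.168.1.100
Protocol     : Clientless
Encryption   : RC4                    Hashing      : SHA1
Bytes Tx     : 8539889                Bytes Rx     : 449408
Group Policy : easy-pol               Tunnel Group : DefaultWEBVPNGroup
Login Time   : 11:07:36 UTC Sat Apr 9 2011
Duration     : 0h:34m:29s
NAC Result   : Unknown
VLAN Mapping : N/A                    VLAN         : none
"""

# One "Label : value" pair. When a line carries two pairs, the second label is
# separated from the first value by at least two spaces; the lookahead uses that
# so values containing single spaces or colons (e.g. Login Time) stay intact.
PAIR_RE = re.compile(
    r"([A-Za-z][A-Za-z ]*?)\s*:\s*(.*?)(?=\s{2,}[A-Za-z][A-Za-z ]*?\s*:|\s*$)"
)
DURATION_RE = re.compile(r"(\d+)h:(\d+)m:(\d+)s")

# Assumed policy for this example: ciphers that should not appear on a current
# SSL VPN (RC4 is prohibited in TLS by RFC 7465).
WEAK_CIPHERS = {"RC4", "DES", "3DES"}


def parse_sessions(text: str) -> List[Dict[str, str]]:
    """Split the show output into one dict of fields per session."""
    sessions: List[Dict[str, str]] = []
    current: Optional[Dict[str, str]] = None
    for line in text.splitlines():
        for label, value in PAIR_RE.findall(line):
            label = label.strip()
            if label == "Session Type":
                continue  # header line, not part of any session
            if label == "Username":  # each session record starts with Username
                current = {}
                sessions.append(current)
            if current is not None:
                current[label] = value.strip()
    return sessions


def duration_seconds(duration: str) -> int:
    """Convert the ASA "0h:47m:54s" duration format to seconds."""
    m = DURATION_RE.fullmatch(duration.strip())
    if m is None:
        raise ValueError(f"unrecognised duration: {duration!r}")
    hours, minutes, seconds = (int(x) for x in m.groups())
    return hours * 3600 + minutes * 60 + seconds


def audit_sessions(sessions: List[Dict[str, str]],
                   max_duration_s: int = 8 * 3600) -> List[Tuple[str, str]]:
    """Return (username, finding) pairs for sessions that need attention."""
    findings: List[Tuple[str, str]] = []
    for s in sessions:
        user = s.get("Username", "?")
        cipher = s.get("Encryption", "")
        if cipher in WEAK_CIPHERS:
            findings.append((user, f"weak cipher {cipher}"))
        if "Duration" in s and duration_seconds(s["Duration"]) > max_duration_s:
            findings.append((user, f"session open for {s['Duration']}"))
    return findings


if __name__ == "__main__":
    sessions = parse_sessions(SAMPLE_OUTPUT)
    for s in sessions:
        print(f"{s['Username']:<10} idx={s['Index']:<3} {s['Public IP']:<16} "
              f"{s['Encryption']}/{s['Hashing']} {s['Group Policy']}")
    for user, finding in audit_sessions(sessions):
        print(f"{user}: {finding}")
```

Feed it the output of the command (for example, captured over SSH by a monitoring job) and act on the findings; a flagged session can be ended with the vpn-sessiondb logoff command described further down.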
More detailed output:
asa2# sh vpn-sessiondb detail webvpn

Session Type: WebVPN Detailed

Username     : xguru                  Index        : 1
Public IP    : 192.168.1.100
Protocol     : Clientless
Encryption   : RC4                    Hashing      : SHA1
Bytes Tx     : 8539889                Bytes Rx     : 449408
Pkts Tx      : 5                      Pkts Rx      : 1
Pkts Tx Drop : 0                      Pkts Rx Drop : 0
Group Policy : sslvpn-pol             Tunnel Group : DefaultWEBVPNGroup
Login Time   : 10:54:11 UTC Sat Apr 9 2011
Duration     : 0h:48m:19s
NAC Result   : Unknown
VLAN Mapping : N/A                    VLAN         : none

Clientless Tunnels: 1

Clientless:
  Tunnel ID    : 1.1
  Public IP    : 192.168.1.100
  Encryption   : RC4                    Hashing      : SHA1
  TCP Dst Port : 443
  Auth Mode    : userPassword
  Idle Time Out: 30 Minutes             Idle TO Left : 10 Minutes
  Client Type  : Web Browser
  Client Ver   : Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
  Bytes Tx     : 8539889                Bytes Rx     : 449408

NAC:
  Reval Int (T): 0 Seconds              Reval Left(T): 0 Seconds
  SQ Int (T)   : 0 Seconds              EoU Age(T)   : 2898 Seconds
  Hold Left (T): 0 Seconds              Posture Token:
  Redirect URL :

Username     : cisco                  Index        : 2
Public IP    : 192.168.1.100
Protocol     : Clientless
Encryption   : RC4                    Hashing      : SHA1
Bytes Tx     : 8539889                Bytes Rx     : 449408
Pkts Tx      : 3                      Pkts Rx      : 0
Pkts Tx Drop : 0                      Pkts Rx Drop : 0
Group Policy : easy-pol               Tunnel Group : DefaultWEBVPNGroup
Login Time   : 11:07:36 UTC Sat Apr 9 2011
Duration     : 0h:34m:54s
NAC Result   : Unknown
VLAN Mapping : N/A                    VLAN         : none

Clientless Tunnels: 1

Clientless:
  Tunnel ID    : 2.1
  Public IP    : 192.168.1.100
  Encryption   : RC4                    Hashing      : SHA1
  TCP Dst Port : 443
  Auth Mode    : userPassword
  Idle Time Out: 30 Minutes             Idle TO Left : 10 Minutes
  Client Type  : Web Browser
  Client Ver   : Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
  Bytes Tx     : 8539889                Bytes Rx     : 449408

NAC:
  Reval Int (T): 0 Seconds              Reval Left(T): 0 Seconds
  SQ Int (T)   : 0 Seconds              EoU Age(T)   : 2096 Seconds
  Hold Left (T): 0 Seconds              Posture Token:
  Redirect URL :
Terminate a user's session:
vpn-sessiondb logoff webvpn