
Cisco OL-24124-01 User Manual


17-8

Cisco Unified Communications Manager Security Guide

OL-24124-01

Chapter 17 Configuring Virtual Private Networks

Sample IOS configuration summary

ip address 10.89.79.140 port 443

! ssl configuration

ssl encryption aes128-sha1

ssl trustpoint iosrcdnvpn-cert

inservice

!

! webvpn context for User and Password authentication
! This context carries no "authentication certificate" line, so unlike
! CertPasswordContext it does not ask the client for a certificate. Which AAA
! method checks the password is not visible in this listing.
webvpn context UserPasswordContext
 ! Title text for this context's login page.
 title "User-Password authentication"
 ! NOTE(review): certificate-verification setting for the context; confirm its
 ! exact scope in the IOS command reference for the release in use.
 ssl authenticate verify all
 !
 !
 policy group UserPasswordGroup
   ! Enables the tunnel-mode (svc) client for this group. NOTE(review): IOS also
   ! has "svc-required", which refuses non-tunnel fallback - confirm which one
   ! the deployment wants.
   functions svc-enabled
   hide-url-bar
   ! Idle sessions are dropped after 3600 (seconds in the IOS syntax, i.e. one
   ! hour); shorten it if policy asks for faster teardown of unattended sessions.
   timeout idle 3600
   ! Tunnel addresses come from the pool "webvpn-pool" (defined outside this listing).
   svc address-pool "webvpn-pool"
   svc default-domain "nw048b.cisco.com"
   ! Split tunnelling: only 10.89.75.0/24 is sent through the VPN. Traffic to any
   ! other destination leaves from the client's local network and is not covered
   ! by controls behind the gateway.
   svc split include 10.89.75.0 255.255.255.0
   svc dns-server primary 64.101.128.56
   ! Allows DTLS as the tunnel transport.
   svc dtls
 ! The policy group above is the default for every session in this context.
 default-group-policy UserPasswordGroup
 ! Binds the context to gateway VPN_RCDN_IOS under the domain UserPasswordVPN.
 ! NOTE(review): the gateway section of this listing sets
 ! "ssl encryption aes128-sha1", a legacy CBC/HMAC-SHA1 suite; check it against
 ! current TLS policy and what the IOS release offers.
 gateway VPN_RCDN_IOS domain UserPasswordVPN
 ! Puts the context into service.
 inservice

!

!

! webvpn context for Certificate (username pre-filled) and Password authentication
! Two checks are combined here: a client certificate validated against a CA
! trustpoint, and a password checked through AAA.
webvpn context CertPasswordContext
 ! Title text for this context's login page.
 title "certificate plus password"
 ! NOTE(review): certificate-verification setting for the context; confirm its
 ! exact scope in the IOS command reference for the release in use.
 ssl authenticate verify all
 !
 !
 policy group CertPasswordGroup
   ! Enables the tunnel-mode (svc) client for this group.
   functions svc-enabled
   hide-url-bar
   ! Idle sessions are dropped after 3600 (seconds in the IOS syntax, i.e. one hour).
   timeout idle 3600
   ! Tunnel addresses come from the pool "webvpn-pool" (defined outside this listing).
   svc address-pool "webvpn-pool"
   svc default-domain "nw048b.cisco.com"
   ! NOTE(review): unlike UserPasswordGroup, this group has no "svc split include"
   ! line, so presumably all client traffic is tunnelled - confirm that the
   ! difference between the two groups is intended.
   svc dns-server primary 64.101.128.56
   ! Allows DTLS as the tunnel transport.
   svc dtls
 ! The policy group above is the default for every session in this context.
 default-group-policy CertPasswordGroup
 ! Binds the context to gateway VPN_RCDN_IOS under the domain CertPasswordVPN.
 gateway VPN_RCDN_IOS domain CertPasswordVPN
 ! Requires both a client certificate and AAA (password) authentication.
 authentication certificate aaa
 ! Fills in the username for the login from the certificate, as the heading
 ! comment describes; the user still supplies the password.
 username-prefill
 ! Client certificates are validated against trustpoint CiscoMfgCert.
 ! NOTE(review): the name suggests the Cisco manufacturing CA (MIC). A MIC chain
 ! shows that a device was built by Cisco, not that it belongs to this
 ! deployment, so the AAA password is what ties a session to a known user.
 ! A trustpoint for locally issued certificates (LSC) narrows this - confirm
 ! which CA the trustpoint actually holds.
 ca trustpoint CiscoMfgCert
 ! Puts the context into service.
 inservice

!

!

! webvpn context for certificate only authentication

webvpn context CertOnlyContext

title "Certificate only authentication"

ssl authenticate verify all

!

!

policy group CertOnlyGroup

functions svc-enabled

hide-url-bar

timeout idle 3600

svc address-pool "webvpn-pool"

svc default-domain "nw048b.cisco.com"

svc dns-server primary 64.101.128.56

svc dtls

default-group-policy CertOnlyGroup

gateway VPN_RCDN_IOS domain CertOnlyVPN