interface Loopback0
ip address 11.1.1.1 255.255.255.0
!
interface FastEthernet0/0
ip address 192.168.10.10 255.255.255.0
duplex half
!
interface Serial1/0
ip address 10.1.1.1 255.255.255.0
serial restart-delay 0
!
interface Serial1/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
router rip
version 2
network 10.0.0.0
network 11.0.0.0
network 192.168.10.0
no auto-summary
!
ip local pool ssl-add 11.1.1.10 11.1.1.20
no ip http server
no ip http secure-server
!
!
!
logging alarm informational
!
!
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
!
!
webvpn gateway vpngateway
ip address 192.168.10.10 port 443
ssl trustpoint TP-self-signed-4294967295
inservice
!
webvpn install svc disk0:/webvpn/svc.pkg
!
webvpn context webcontext
ssl authenticate verify all
!
!
policy group sslvpn-policy
functions svc-enabled
svc address-pool "ssl-add"
svc split include 192.168.20.0 255.255.255.0
default-group-policy sslvpn-policy
aaa authentication list webvpn
gateway vpngateway domain sshvpn
inservice
!
!
end
R2#show running-config
Building configuration...
Current configuration : 973 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
ip cef
!
!
!
!
!
!
interface Loopback1
ip address 22.1.1.1 255.255.255.0
!
interface FastEthernet0/0
ip address 192.168.20.10 255.255.255.0
duplex half
!
interface Serial1/0
ip address 10.1.1.2 255.255.255.252
serial restart-delay 0
!
interface Serial1/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
router rip
version 2
network 10.0.0.0
network 22.0.0.0
network 192.168.20.0
no auto-summary
!
no ip http server
no ip http secure-server
!
!
!
logging alarm informational
!
!
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
!
!
end
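3. Client Configuration
Enter https://192.168.10.10/ in the browser to access WebVPN. A prompt appears; click "OK".
The certificate needs to be installed; click "Yes". The first exclamation mark appears because the certificate is self-signed by the router and has not been verified. The second exclamation mark appears because, when configuring WebVPN, you should pay attention to the validity period of the issued certificate: the start of the validity period on an issued certificate is often a day or two later than the current time.
A web page then opens. Enter the username and password and click login.
The SSL VPN Client software is then installed automatically.
You need to allow the ActiveX control to be installed. An installation dialog appears; click Install.
The SSL VPN Client is in progress.
Click to install the certificate.
Once the certificate is installed, the VPN connection is established, and a small yellow key icon appears in the lower-right corner of the screen.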
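4. Verifying the Configuration
On the client you can view the VPN status.
You can view the split-tunnel subnets of the VPN tunnel.
Use the ipconfig command to see the address that was assigned.
In the routing table you can see a route entry pointing to 192.168.20.0.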
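The same verification can be scripted. The following is an added example, not part of the original article: it reads the pool and split-include lines from the R1 configuration above and checks them against the address and routes a client reports. The function names and the sample client values are assumptions made for illustration.

```python
import ipaddress
import re

# Lines copied from the R1 configuration on this page.
R1_CONFIG = """
ip local pool ssl-add 11.1.1.10 11.1.1.20
webvpn context webcontext
policy group sslvpn-policy
functions svc-enabled
svc address-pool "ssl-add"
svc split include 192.168.20.0 255.255.255.0
"""

def parse_sslvpn(config):
    """Return (local pools, pool named by the policy group, split-include networks)."""
    pools, used_pool, split = {}, None, []
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"ip local pool (\S+) (\S+) (\S+)", line):
            pools[m[1]] = (ipaddress.ip_address(m[2]), ipaddress.ip_address(m[3]))
        elif m := re.fullmatch(r'svc address-pool "?([^"\s]+)"?', line):
            used_pool = m[1]
        elif m := re.fullmatch(r"svc split include (\S+) (\S+)", line):
            split.append(ipaddress.ip_network(f"{m[1]}/{m[2]}"))
    return pools, used_pool, split

def check_client(config, client_ip, client_routes):
    """List mismatches between the router config and what the client reports."""
    pools, used_pool, split = parse_sslvpn(config)
    if used_pool not in pools:
        return [f"policy group references undefined pool {used_pool!r}"]
    problems = []
    low, high = pools[used_pool]
    if not low <= ipaddress.ip_address(client_ip) <= high:
        problems.append(f"{client_ip} is outside pool {used_pool} ({low}-{high})")
    routes = {ipaddress.ip_network(r) for r in client_routes}
    for net in split:
        if net not in routes:
            problems.append(f"no client route for split-include network {net}")
    return problems

if __name__ == "__main__":
    # Constructed client state: address from ipconfig, destinations from the route table.
    print(check_client(R1_CONFIG, "11.1.1.10", ["192.168.20.0/24"]))   # consistent
    print(check_client(R1_CONFIG, "11.1.1.30", ["192.168.10.0/24"]))   # two mismatches
```

An empty list means the client's tunnel address came from the configured pool and every split-include network is routed on the client.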
Editor in charge: 虫虫