This lab is performed on a Cisco CSR1000v virtual router.
Lab topology
Lab configuration
hostname csr1kv
!
aaa new-model
!
aaa authentication suppress null-username
aaa authentication login sslvpn local
aaa authorization network sslvpn local
!
no ip domain lookup
!
crypto pki trustpoint csr1kv.local
 enrollment selfsigned
 subject-name cn=csr1kv.local
 revocation-check none
 rsakeypair csr1kv.local
!
!
crypto pki certificate chain csr1kv.local
 certificate self-signed 01
  b84230df 77267a70 adbef775 3791c3cf ef45ff13 637343c9 9589d487 e0f4d050
  3e1a1cee cefcc9f8 168f91a2 d62ee440 a1674943 d20f8edb db465130 109147be
  99c342c5 921d3dbd 910cbecb 5638
  quit
! The self-signed certificate goes here; the generation process is omitted.
!
username admin privilege 15 secret 5 $1$bvlv$u0lfx9bj3ifsf7m6r7ufe.
username cisco password 7 060506324f41
!
!
crypto ssl proposal sslvpn-proposal
 protection rsa-3des-ede-sha1 rsa-rc4128-md5 rsa-aes128-sha1 rsa-aes256-sha1
! SSL encryption policy (proposal)
!
crypto ssl authorization policy sslvpn-auth-policy
 pool sslvpn
 dns 10.1.1.100
 def-domain iteachs.com
 route set access-list sslvpn-tunnel
! SSL authorization policy
!
crypto ssl policy sslvpn-policy
 ssl proposal sslvpn-proposal
 pki trustpoint csr1kv.local sign
 ip address local 202.100.1.100 port 443
!
crypto ssl profile sslvpn-profile
 match policy sslvpn-policy
 aaa authentication user-pass list sslvpn
 aaa authorization group user-pass list sslvpn sslvpn-auth-policy
 authentication remote user-pass
 max-users 100
!
!
crypto vpn anyconnect bootflash:/anyconnect-win-4.6.03049-webdeploy-k9.pkg sequence 1
!
interface loopback0
 ip address 10.1.1.1 255.255.255.0
!
interface gigabitethernet1
 ip address 202.100.1.100 255.255.255.0
 negotiation auto
!
ip local pool sslvpn 172.16.1.1 172.16.1.100
ip route 192.168.100.0 255.255.255.0 202.100.1.1
ip access-list standard sslvpn-tunnel
 permit 10.1.1.0 0.0.0.255
!
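An added example, not part of the original lab: a small Python audit that flags the weaker settings in this configuration, namely the RC4/MD5 and 3DES suites in the SSL proposal, the type 7 password, and the self-signed trustpoint. The function name `audit_config`, the weak-suite markers and the sample text are assumptions of this example; the sample is constructed from the configuration lines above with the credential values replaced by placeholders.

```python
import re

# Constructed sample: security-relevant lines from the lab configuration,
# with the credential values replaced by placeholders.
SAMPLE_CONFIG = """\
crypto pki trustpoint csr1kv.local
 enrollment selfsigned
 revocation-check none
username admin privilege 15 secret 5 <hash>
username cisco password 7 <obfuscated>
crypto ssl proposal sslvpn-proposal
 protection rsa-3des-ede-sha1 rsa-rc4128-md5 rsa-aes128-sha1 rsa-aes256-sha1
"""

# Name fragments treated as weak here (assumption of this example):
# RC4 is prohibited for TLS by RFC 7465, MD5-based suites are deprecated,
# and 3DES has a 64-bit block (Sweet32).
WEAK_MARKERS = ("rc4", "md5", "3des")


def audit_config(text):
    """Return (line_number, finding) tuples for an IOS-XE style config."""
    findings, section = [], ""
    for num, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip().lower()
        if not line or line.startswith("!"):
            continue
        if not raw.startswith(" "):  # unindented line opens a new section
            section = line
        if section.startswith("crypto ssl proposal") and line.startswith("protection "):
            weak = [s for s in line.split()[1:] if any(m in s for m in WEAK_MARKERS)]
            if weak:
                findings.append((num, "weak cipher suites offered: " + " ".join(weak)))
        user = re.match(r"username (\S+) .*\bpassword 7 ", line)
        if user:
            findings.append((num, f"user {user.group(1)}: type 7 is reversible "
                                  "obfuscation, store the credential with 'secret'"))
        if section.startswith("crypto pki trustpoint") and line == "enrollment selfsigned":
            findings.append((num, "self-signed gateway certificate: clients cannot "
                                  "chain it to a trusted CA"))
    return findings


if __name__ == "__main__":
    for num, finding in audit_config(SAMPLE_CONFIG):
        print(f"line {num}: {finding}")
```

With the proposal reduced to `protection rsa-aes128-sha1 rsa-aes256-sha1`, the cipher-suite finding no longer fires.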
Verification
csr1kv#show version
cisco ios xe software, version 03.16.06.s - extended support release
cisco ios software, csr1000v software (x86_64_linux_iosd-universalk9-m), version 15.5(3)s6, release software (fc3)
technical support: http://www.cisco.com/techsupport
copyright (c) 1986-2017 by cisco systems, inc.
compiled mon 24-jul-17 20:01 by mcpre

cisco ios-xe software, copyright (c) 2005-2017 by cisco systems, inc.
all rights reserved. certain components of cisco ios-xe software are
licensed under the gnu general public license (gpl) version 2.0. the
software code licensed under gpl version 2.0 is free software that comes
with absolutely no warranty. you can redistribute and/or modify such
gpl code under the terms of gpl version 2.0. for more details, see the
documentation or license notice file accompanying the ios-xe software,
or the applicable url provided on the flyer accompanying the ios-xe
software.

rom: ios-xe rommon

csr1kv uptime is 39 minutes
uptime for this control processor is 40 minutes
system returned to rom by reload
system image file is bootflash:packages.conf
last reload reason: unknown reason

this product contains cryptographic features and is subject to united
states and local country laws governing import, export, transfer and
use. delivery of cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
importers, exporters, distributors and users are responsible for
compliance with u.s. and local country laws. by using this product you
agree to comply with applicable laws and regulations. if you are unable
to comply with u.s. and local laws, return this product immediately.

a summary of u.s. laws governing cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

if you require further assistance please contact us by sending email to
export@cisco.com.

license level: ax
license type: default. no valid license found.
next reload license level: ax

cisco csr1000v (vxe) processor (revision vxe) with 1090313k/6147k bytes of memory.
processor board id 9zmt9e7r1hj
4 gigabit ethernet interfaces
32768k bytes of non-volatile configuration memory.
3022272k bytes of physical memory.
7774207k bytes of virtual hard disk at bootflash:.

configuration register is 0x2102

csr1kv#
csr1kv#show crypto ssl session
ssl profile name: sslvpn-profile
client_login_name  client_ip_address  no_of_connections  created  last_used
cisco              192.168.100.100    1                  0049     0029

csr1kv#show crypto ssl session user cisco
interface          : sslvpn-vif0
session type       : full tunnel
client user-agent  : anyconnect windows 4.6.03049

username           : cisco               num connection     : 1
public ip          : 192.168.100.100
profile            : sslvpn-profile
policy             : sslvpn-policy
last-used          : 0036                created            : *0852.328 utc thu dec 6 2018
tunnel ip          : 172.16.1.1          netmask            : 0.0.0.0
rx ip packets      : 2                   tx ip packets      : 28

csr1kv#
csr1kv#
csr1kv#
csr1kv#show crypto ssl session user cisco detail
interface          : sslvpn-vif0
session type       : full tunnel
client user-agent  : anyconnect windows 4.6.03049

username           : cisco               num connection     : 1
public ip          : 192.168.100.100
profile            : sslvpn-profile
policy             : sslvpn-policy
last-used          : 0000                created            : *0852.328 utc thu dec 6 2018
session timeout    : 43200               idle timeout       : 1800
dns primary        : 10.1.1.100          wins primary       : none
dns secondary      : none                wins secondary     : none
ip6 dns primary    : none
ip6 dns secondary  : none
dpd gw timeout     : 300                 dpd cl timeout     : 300
address pool       : sslvpn              mtu size           : 1406
disconnect time    : 0                   rekey time         : 3600
lease duration     : 43200               keepalive          : 30
tunnel ip          : 172.16.1.1          netmask            : 0.0.0.0
rx ip packets      : 2                   tx ip packets      : 34
cstp started       : 0032                last-received      : 0000
cstp dpd-req sent  : 0
msie-proxyserver   : none                msie-pxyoption     : disabled
msie-exception     : none
split dns          : none
acl                : sslvpn-tunnel
default domain     : iteachs.com
client ports       : 49190

detail session statistics for user:: cisco
----------------------------------

cstp statistics::
rx cstp frames     : 36                  tx cstp frames     : 0
rx cstp bytes      : 2537                tx cstp bytes      : 120
rx cstp data fr    : 34                  tx cstp data fr    : 2
rx cstp cntl fr    : 2                   tx cstp cntl fr    : 0
rx cstp dpd req    : 0                   tx cstp dpd req    : 0
rx cstp dpd res    : 0                   tx cstp dpd res    : 0
rx addr renew req  : 0                   tx address renew   : 0
rx dropped frames  : 0                   tx dropped frame   : 0
rx ip packets      : 2                   tx ip packets      : 34
rx ip bytes        : 120                 tx ip bytes        : 2249
rx ip6 packets     : 0                   tx ip6 packets     : 0
rx ip6 bytes       : 0                   tx ip6 bytes       : 0

cef statistics::
rx cstp data fr    : 0                   tx cstp data fr    : 0
rx cstp bytes      : 0                   tx cstp bytes      : 0

csr1kv#
csr1kv#
End of lab.