From: omar parihuana (omar.parihuana@gmail.com)
Date: Thu Jul 17 2008 - 17:56:00 ART
Hi list,
Sincerely, I don't know how works the VPN SSL Tunnel with SVC, I set up the
VPN SSL server, I can connect to VPN Gateway, after that mi client receive
the IP address in accordance to follow graph.
---10.1.1.0 /24 ---- (R1)------------ (Client)
I have a Web server 10.1.1.200 and local pool for VPN is: 10.1.1.15 to
10.1.1.20, after logged to R1 via SSL usr/pass required pass well, and the
tunnel is established the client received the IP Address: 10.1.1.16, then
the question is, why I cannot connect to Web Server 10.1.1.200????
!
ip local pool SSLClients 10.1.1.15 10.1.1.20
!
webvpn gateway gateway_1
ip address 10.1.3.50 port 443
http-redirect port 80
ssl trustpoint TP-self-signed-3722961561
inservice
!
webvpn install svc flash:/webvpn/svc_1.pkg sequence 1
!
webvpn install csd flash:/webvpn/sdesktop.pkg
!
webvpn context TESTSSL
secondary-color white
title-color #FF9900
text-color black
ssl authenticate verify all
!
url-list "LinuxTest"
heading "Linux Test"
url-text "VMWare" url-value "http://10.1.1.200"
!
!
policy group policy_1
url-list "LinuxTest"
functions svc-required
mask-urls
svc address-pool "SSLClients"
svc default-domain "test.com"
svc keep-client-installed
svc split include 10.1.1.0 255.255.255.0
default-group-policy policy_1
aaa authentication list sdm_vpn_xauth_ml_1
gateway gateway_1
inservice
!
end
SSLTest#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static
route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
C 10.1.3.0/24 is directly connected, FastEthernet0/1
C 10.1.1.0/24 is directly connected, FastEthernet0/0
S 10.1.1.16/32 [0/0] via 0.0.0.0, SSLVPN-VIF0
SSLTest#
Rgds.
On 7/17/08, Phil Priest <ppriest@comms-care.com> wrote:
>
> I had the same issue when i was setting it up. I seem to remember that
> if you just continue and ignore the message it still works!
> Alternatively you can just copy the package via TFTP I believe..
>
> Also, make sure the pool of addresses you assign to clients is either in
> the same subnet as you internal LAN address or create a loopback for the
> new subnet or it will not work...
>
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> omar parihuana
> Sent: 17 July 2008 16:06
> To: Cisco certification
> Subject: SSLVPN Cannot install package
>
> Hi List,
>
> I'm setting a simple SSL VPN concentrator on a 2801 and I would like to
> use
> full-tunnel-mode, but unfortunately I cannot install the Cisco SSL VPN
> Client Software (I'm using SDM for configure SSL ) when try to intall I
> get
> the follow error:
>
> Error installing package: Unknow Error
> This may occur if your router use LEFS file system. Converting it to use
> DOS
> file system may resolve this issue.
>
> then the question is: if the problem is file system from my CompactFlash
> how
> can I convert to file system from LEFS to DOS File system? or anyway how
> can
> I use full-tunnel using a Cisco 2801.
>
> Clientless tunnel is working well.
>
> Rgds.
>
> --
> Omar E.P.T
> -----------------
> Certified Networking Professionals make better Connections!
>
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
-- Omar E.P.T ----------------- Certified Networking Professionals make better Connections!
This archive was generated by hypermail 2.1.4 : Mon Aug 04 2008 - 06:11:55 ART