（成功配置总结）关于sslvpn full tunnel 模式的报错

network

（成功配置总结）关于sslvpn full tunnel 模式的报错

调full tunnel mode sslvpn 的报错如下:






附件
2007-2-7 09:49 AM

sslvpn.JPG (82.76 KB)
  





问题已经解决， 的确是客户端得不到IP地址的问题，解决方法是必须加一个loopback的ip ，该IP必须与地址池处于同一网段即可。

另外，需要扁死一下厂家写IOS 12.4 Security Conf Guide的，webvpn这一节的配置细节基本全给省略了..............
以下是目前full tunnel 模式拨通的配置，还有很多需要细化的地方，接下来慢慢搞

HK2811#sh runn
Building configuration...

Current configuration : 6323 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
!
aaa new-model
!
!
aaa authentication login aaa_auth_list local
!
no ip domain lookup
ip domain name HK2811.COM
!
!
!
crypto pki trustpoint TP-self-signed-2093624823
enrollment selfsigned
revocation-check crl
!
!
crypto pki certificate chain TP-self-signed-2093624823
certificate self-signed 0C
  3082022B .......... 52DC0F
  quit
!
!
username test privilege 15 password 0 test
!
!
controller E1 0/0/0
channel-group 1 timeslots 1-31
!
!
interface Loopback0
ip address 192.168.3.1 255.255.255.0
!

!
ip local pool vpn_add_pool 192.168.3.0 192.168.3.255
!
!
!
webvpn gateway webvpn_gw
ip address 172.16.1.10  port 443
http-redirect port 80
ssl trustpoint TP-self-signed-2093624823
inservice
!
webvpn install svc flash:/webvpn/svc.pkg
!
webvpn install csd flash:/webvpn/sdesktop.pkg
!        
webvpn context test
ssl trustpoint TP-self-signed-2093624823
ssl authenticate verify all
!
!
policy group policy_1
   functions svc-enabled
   svc address-pool "vpn_add_pool"
   svc keep-client-installed
   svc split include 192.168.2.0 255.255.255.252
default-group-policy policy_1
aaa authentication list aaa_auth_list
gateway webvpn_gw
inservice
!
!
end