Guest

Cisco 3800 Series Integrated Services Routers

AnyConnect VPN (SSL) Client on IOS Router with CCP Configuration Example

Document ID: 110608

Updated: Jul 14, 2014

Contributed by Bratin Saha and Rahul Govindan, Cisco TAC Engineers.

   Print

Introduction

This document describes how to set up a Cisco IOS® router to perform Secure Sockets Layer (SSL) VPN on a stick with Cisco AnyConnect VPN client using Cisco Configuration Professional (CCP). This setup applies to a specific case where AnyConnect on the Router is configured with split tunneling, and it allows the client secure access to corporate resources and also provides unsecured access to the Internet.

SSL VPN or WebVPN technology is supported on most router platforms such as the Integrated Services Router (ISR) Generation 1, Generation 2 (Refer ISR Products for the list of ISR products). Customers are advised to refer the feature navigator guide in order to obtain a complete list of Cisco IOS platforms that support the AnyConnect VPN (SSL) client (or any other feature/ technology for that matter). This information is available in the Feature Navigator.

CCP is a GUI-based device management tool that allows you to configure Cisco IOS-based access routers. CCP is installed on a PC and simplifies router, security, unified communications, wireless, WAN, and basic LAN configurations through GUI-based, easy-to-use wizards.

Prerequisites

Requirements

Ensure that you meet these requirements before you attempt this configuration:

  • Suitable client operating system. Refer the AnyConnect Release Notes for the supported operating systems.

  • Web Browser with SUN JRE Version 1.4 or later or an ActiveX controlled browser

  • Local administrative privileges on the client

  • Cisco IOS Router with Advanced Security image -12.4(20)T or later

  • Cisco Configuration Professional Version 1.3 or later

If the Cisco Configuration Professional is not already loaded on your computer, you can obtain a free copy of the software and install the .exe (cisco-config-pro-k9-pkg-2_7-en.zip) file from Software Download. For detailed information on the installation and configuration of CCP, refer to Cisco Configuration Professional Quick Start Guide.

Components Used

The information in this document is based on these software and hardware versions:

  • Cisco IOS Series CISCO2811 Router with Software Version 152-4.M1

  • CCP Version 2.7

  • Cisco AnyConnect SSL VPN Client Version for Windows 3.1.05160

The information in this document was created from devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Configure

Network Diagram

This document uses this network setup:

Preconfiguration Tasks

  1. Configure the router for CCP.

    Routers with the appropriate security bundle license already have the CCP application loaded in the Flash. Refer to Cisco Configuration Professional Quick Start Guide in order to obtain and configure the software.

  2. Download a copy of the Anyconnect VPN .pkg file to your management PC.

Configurations

In this section, you are presented with the steps necessary in order to configure the features described in this document. This example configuration uses the CCP Wizard in order to enable the operation of the Anyconnect VPN on the IOS router.

Complete these steps in order to configure Anyconnect VPN on the Cisco IOS router:

  1. Set up the CCP and discover the Cisco IOS router.

  2. Install and enable the Anyconnect VPN Software on the Cisco IOS Router.

  3. Configure a SSL VPN Context and SSL VPN Gateway with the CCP Wizard.

  4. Configure the User Database for Anyconnect VPN Users.

  5. Configure the AnyConnect Full Tunnel.

Each of these steps is described in more detail in the next sections of this document.

Step 1: Set up the CCP and Discover the Cisco IOS Router

  1. Click Router Status on the CCP window in order to view the router device information.



  2. Click Configure in order to begin the configuration.



Step 2: Install and Enable the Anyconnect VPN Software on the IOS Router

Complete these steps in order to install and enable the Anyconnect VPN software on the IOS router:

  1. Open the CCP application, navigate to Configure > Security, and then click VPN.

  2. Expand SSLVPN, and choose Packages.



    Ensure that the SSL VPN Feature license is installed on the device, otherwise you might get the warning shown in the previous image. Refer Feature License link in order to view the Ordering Information section.

  3. In the Cisco SSLVPN client software, click Browse.

    The Select SVC location dialog box appears.



  4. Specify the location of the Cisco Anyconnect VPN client image (choose either of the two options available).

    • If the Cisco Anyconnect VPN client image is in the router flash, click the Router File System radio button dialog box, and click Browse.





    • If the Cisco Anyconnect VPN client image is not in the router flash, click the My Computer radio dialog box, and click Browse.


  5. Select the client image that you want to install and click OK.

  6. Once you specify the location of the client image, click Install.

  7. Click Yes and then click OK.

  8. Once the client image is successfully installed, you receive the success message. Click OK in order to continue.

  9. Once installed, view the installed package details under Security > VPN > SSL VPN > Packages.

Step 3: Configure a SSLVPN Context and SSLVPN Gateway with the CCP Wizard

Complete these steps in order to configure a SSL VPN context and the SSL VPN gateway:

  1. Go to Configure > Security > VPN, and then click SSL VPN.

  2. Click the SSL VPN Manager and then click the Create SSL VPN tab.



  3. Follow the prompts in order to enable Authentication, Authorization, and Accounting (AAA) if it is not already enabled.









  4. Check the Create a New SSL VPN radio button and then click Launch the selected task.

    The SSL VPN Wizard dialog box appears.



  5. Click Next.



    Note: If the SSL VPN is configured under the interface through which Cisco CP is invoked, it might cause Cisco CP to disconnet from the router. As a better practice, you can access the Cisco IOS router via CCP from the internal interface (in this example,  10.106.44.141) or any other interface, while the SSL VPN is configured under the external interface FastEthernet0/0 (in this example, 10.105.130.149).





  6. Enter the IP address of the new SSL VPN gateway and enter a unique name for this SSL VPN context.

    You can create different SSL VPN contexts for the same IP address (SSL VPN gateway), but each name must be unique. This example uses this IP address: https://10.105.130.149/

  7. Click Next, and continue to the next section.

Step 4: Configure the User Database for Anyconnect VPN Users

For authentication, you can use an AAA Server, local users, or both. This configuration example uses locally-created users for authentication.

Complete these steps in order to configure the user database for Anyconnect VPN users:

  1. After you complete Step 2, click the Locally on this router radio button located in the SSL VPN Wizard User Authentication dialog box.



    This dialog box allows you to add users to the local database.

  2. Click Add and enter user information.



  3. Click OK and add additional users as necessary.

  4. After you add the necessary users, click Next, and continue to the next section.

Step 5. Configure the Anyconnect Tunnel

Complete these steps in order to configure the Anyconnect tunnel and pool of IP addresses for the users:

  1. Because Anyconnect provides the direct access to corporate intranet resources, the URL list is not needed in order to configure. Click the Next button located in the Configure Intranet Websites dialog box.



  2. Verify that the Enable Full Tunnel check box is checked.



  3. Create a pool of IP addresses that clients of this SSL VPN context can use.

    The pool of addresses must correspond to addresses available and routable on your intranet.

  4. Click the ellipses (...) next to the IP Address Pool field, and choose Create a new IP Pool.

  5. In the Add IP Local Pool dialog box, enter a namefor the pool (for example, new), and click Add.



  6. In the Add IP address range dialog box, enter the address pool range for the Anyconnect VPN clients and click OK.

    Note: Before Version 12.4(20)T, the IP address pool should be in a range of an interface directly connected to the router. If you want to use a different pool range, you can create a loopback address associated with your new pool in order to satisfy this requirement.



  7. Click OK.

  8. Configure advanced tunnel options, such as split tunneling, split DNS, browser proxy settings, and Domain Name System (DNS) and Windows Internet Name Service (WINS) servers.

    Note: Cisco recommends that you configure at least DNS and WINS servers.



    Complete these steps in order to configure advanced tunnel options, such as split tunneling:

    1. Click the Advanced Tunnel Options button.

    2. Click the DNS and WINS Servers tab and enter the primary IP addresses for the DNS and WINS servers.



    3. Click the Split Tunneling tab in order to configure split tunneling.



      The ability to transmit both secured and unsecured traffic on the same interface is known as split tunneling. Split tunneling requires that you specify exactly which traffic is secured and what the destination of that traffic is, so that only the specified traffic enters the tunnel while the rest is transmitted unencrypted across the public network (Internet).

      In the example, split tunnel is configured in order to include traffic.


  9. After you configure the necessary options, click Next. Choose the appropriate SSL VPN Tunnel Interface option and click Next.



  10. Customize the SSL VPN Portal Page or select the default values.

    The Customize SSL VPN Portal Page allows you to customize how the SSL VPN Portal Page appears to your customers.



  11. After you customize the SSL VPN portal page, click Next.

  12. Click Finish.



  13. Click Deliver in order to save your configuration and then click OK.
    "110608-ssl-ios-27.jpg" align="center" />



    Note: If you receive an error message, the SSL VPN license might be incorrect.



    Complete these steps in ordre to correct a license issue:

    1. Go to Configure > Security > VPN, and then click SSL VPN.

    2. Click SSL VPN Manager and then click the Edit SSL VPN tab in the right-hand side.



    3. Highlight your newly created context and click the Edit button.



    4. In the Maximum Number of Users field, enter the correct number of users for your license.

    5. Click OK, and then click Deliver.

      The commands are written to the configuration file.

CLI Configuration

CCP creates these command-line configurations:

Router#show running-config
Building configuration...

Current configuration : 4235 bytes
!
! Last configuration change at 05:43:30 UTC Sun Apr 20 2014 by username
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot system flash:c2800nm-advsecurityk9-mz.152-4.M1.bin
boot-end-marker
!
!
no logging buffered
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login ciscocp_vpn_xauth_ml_1 local
aaa authorization exec default local
!
!
!
!
!
aaa session-id common
!
!
dot11 syslog
no ip source-route
!
!
ip cef
!
!
!
!
multilink bundle-name authenticated
!
!
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-897682790
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-897682790
revocation-check none
rsakeypair TP-self-signed-897682790
!
!
crypto pki certificate chain TP-self-signed-897682790
certificate self-signed 01
30820229 30820192 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 38393736 38323739 30301E17 0D313430 34323030 34333634
385A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3839 37363832
37393030 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
C8A7958F DA037346 2D1CDA1C FCBDF7B2 025C2BC5 B3BCB833 AABBDA53 01FF2D6D
3418BA9D 1DC2F754 E93751F6 BC450D79 FBC632F1 AF59FB41 162D7667 B99EDD34
9414097F 02992971 56081908 96479CD9 EA5AA72F 5F3F0E97 442A7624 E0F71F93
97D7B871 B30380C8 C6E291D4 2BF0A23B A8B3FCF5 6EEE9AE5 2FAB31D1 9DB65779
02030100 01A35330 51300F06 03551D13 0101FF04 05300301 01FF301F 0603551D
23041830 168014FF CCBC3166 2C44584C 74673339 B6ECB4A0 173E3530 1D060355
1D0E0416 0414FFCC BC31662C 44584C74 673339B6 ECB4A017 3E35300D 06092A86
4886F70D 01010505 00038181 0059757F 11C98635 5C7DC575 D20CED9E 4B5A2073
ABAD165E 026E0C88 3D2F7676 5BDF3F47 6D0063DF B15109EB FA628037 0F468CFD
581CF0A0 2C96173A 2B92C293 20C25FA0 E7E8167B 2EBDA1C8 12A732AB 8DAC376D
4A5AB68D 1A6E6F76 BCC83397 88215C93 2714302E 63283E79 0476C87F B750F1EA
BCE7C8EF E48B4273 A8C7021A 48
quit
!
!
license udi pid CISCO2811 sn FHK1430F22N
username cisco password 0 cisco 15
username username privilege 15 secret 5 $1$PKkp$ZxYNv9MRCXyMrnNJyBuOi.
username user1 privilege 15 secret 5 $1$ZIn.$J.daeVe11XUIbnmLvNKtY1
!
redundancy
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 10.105.130.149 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 10.106.44.141 255.255.255.0
duplex auto
speed auto
!
interface Serial0/2/0
no ip address
shutdown
no fair-queue
clock rate 2000000
!
interface Serial0/2/1
no ip address
shutdown
clock rate 2000000
!
interface FastEthernet0/1/0
no ip address
!
interface FastEthernet0/1/1
no ip address
!
interface FastEthernet0/1/2
no ip address
!
interface FastEthernet0/1/3
no ip address
!
interface Virtual-Template1
ip unnumbered FastEthernet0/0
!
interface Vlan1
no ip address
!
ip local pool IP_Pool 192.168.1.10 192.168.1.15
ip default-gateway 10.106.45.254
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!
!
ip route 0.0.0.0 0.0.0.0 10.106.45.1 254
ip route 0.0.0.0 0.0.0.0 10.106.44.1 254
!
!
!
!
!
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line vty 0 4
transport input telnet ssh
!
scheduler allocate 20000 1000
!
webvpn gateway gateway_1
ip address 10.105.130.149 port 443
http-redirect port 80
ssl trustpoint TP-self-signed-897682790
inservice
!
crypto vpn anyconnect flash:/webvpn/anyconnect-win-3.1.05160-k9.pkg sequence 1
!
webvpn context Test
secondary-color white
title-color #FF9900
text-color black
ssl authenticate verify all
!
!
policy group policy_1
functions svc-enabled
svc address-pool "IP_Pool" netmask 255.255.255.255
svc default-domain "cisco.com"
svc keep-client-installed
svc split include 10.106.44.0 255.255.255.0
svc dns-server primary 10.106.44.10
svc wins-server primary 10.106.44.12
default-group-policy policy_1
aaa authentication list ciscocp_vpn_xauth_ml_1
gateway gateway_1
inservice
!
end

Establish the AnyConnect VPN Client Connection

Complete these steps in order to establish an AnyConnect VPN connection with Router.

Note: Add a router to the list of trusted sites in Internet Explorer. For more information, refer to Adding a Security Appliance/Router to the List of Trusted Sites (IE).

  1. Enter the URL or IP address of the router WebVPN interface in your web browser in the format as shown.

    https://<url>


    OR

    https://<IP address of the Router WebVPN interface>


  2. Enter your user name and password.



  3. Click Start in order to initiate the Anyconnect VPN Tunnel Connection.



    This window appears before the SSL VPN connection is established.



    Note: ActiveX software must be installed on your computer before you download the Anyconnect VPN.





  4. Once the connection is successfully established, click the Statistics tab.

    The Statistics tab displays information about the SSL connection.



    The Statistics Details dialog box displays detailed connection statistical information, which includes the tunnel state and mode, the duration of the connection, the number of bytes and frames sent and received, address information, transport information, and the Cisco Secure Desktop posture assessment status. The Reset button on this tab resets the transmission statistics. The Export Stats button allows you to export the current statistics, interface, and routing table to a text file. The AnyConnect client prompts you for a name and location for the text file. The default name is AnyConnect-ExportedStats.txt and the default location is on the desktop.

  5. Check the route details (based on split tunnel configuration) under the Route Details tab.



  6. In the Cisco AnyConnect VPN Client dialog box, click the About tab in order to display the Cisco AnyConnect VPN Client Version information.



Verify

Use this section in order to confirm that your configuration works properly.

Commands

Note: The Output Interpreter Tool (registered customers only) (OIT) supports certain show commands. Use the OIT to view an analysis of show command output.

Several show commands are associated with WebVPN. You can execute these commands at the CLI in order to show statistics and other information. For detailed information about show commands, refer to Verifying WebVPN Configuration.

show webvnp session context all

Router#show webvpn session context all
WebVPN context name: Test
Client_Login_Name  Client_IP_Address  No_of_Connections  Created  Last_Used
user1              64.103.226.184             1         00:03:40  00:00:00

show webvpn session user user1 context Test

Router#show webvpn session user user1 context Test
Session Type : Full Tunnel
Client User-Agent : AnyConnect Windows 3.1.05160

Username : user1 Num Connection : 1
Public IP : 64.103.226.184 VRF Name : None
Context : Test Policy Group : policy_1
Last-Used : 00:00:19 Created : *02:26:05.755 UTC Mon
Apr 21 2014
Session Timeout : Disabled Idle Timeout : 2100
DNS primary serve : 10.106.44.10 WINS primary s : 10.106.44.12
DPD GW Timeout : 300 DPD CL Timeout : 300
Address Pool : IP_Pool MTU Size : 1199
Rekey Time : 3600 Rekey Method :
Lease Duration : 43200
Tunnel IP : 192.168.1.11 Netmask : 255.255.255.255
Rx IP Packets : 0 Tx IP Packets : 1
CSTP Started : 00:00:21 Last-Received : 00:00:20
CSTP DPD-Req sent : 0 Virtual Access : 2
Msie-ProxyServer : None Msie-PxyPolicy : Disabled
Msie-Exception :
Split Include : 10.106.44.0 255.255.255.0
Client Ports : 61652

show webvpn stats

Router#show webvpn stats
User session statistics:
    Active user sessions     : 1          AAA pending reqs         : 0
    Peak user sessions       : 1          Peak time                : 00:08:26
    Active user TCP conns    : 1          Terminated user sessions : 1
    Session alloc failures   : 0          Authentication failures  : 0
    VPN session timeout      : 0          VPN idle timeout         : 0
    User cleared VPN sessions: 0          Exceeded ctx user limit  : 0
    Exceeded total user limit: 0
    Client process rcvd pkts : 94         Server process rcvd pkts : 0
    Client process sent pkts : 1272       Server process sent pkts : 0
    Client CEF received pkts : 588        Server CEF received pkts : 0
    Client CEF rcv punt pkts : 26         Server CEF rcv punt pkts : 0
    Client CEF sent pkts     : 0          Server CEF sent pkts     : 0
    Client CEF sent punt pkts: 0          Server CEF sent punt pkts: 0

    SSLVPN appl bufs inuse   : 0          SSLVPN eng  bufs inuse   : 0
    Active server TCP conns  : 0

Mangling statistics:
    Relative urls            : 0          Absolute urls            : 0
    Non-http(s) absolute urls: 0          Non-standard path urls   : 0
    Interesting tags         : 0          Uninteresting tags       : 0
    Interesting attributes   : 0          Uninteresting attributes : 0
    Embedded script statement: 0          Embedded style statement : 0
    Inline scripts           : 0          Inline styles            : 0
    HTML comments            : 0          HTTP/1.0 requests        : 0
    HTTP/1.1 requests        : 44         Unknown HTTP version     : 0
    GET requests             : 43         POST requests            : 1
    CONNECT requests         : 0          Other request methods    : 0
    Through requests         : 0          Gateway requests         : 44
    Pipelined requests       : 0          Req with header size >1K : 0
    Processed req hdr bytes  : 20065      Processed req body bytes : 51
    HTTP/1.0 responses       : 0          HTTP/1.1 responses       : 0
    HTML responses           : 0          CSS responses            : 0
    XML responses            : 0          JS responses             : 0
    Other content type resp  : 0          Chunked encoding resp    : 0
    Resp with encoded content: 0          Resp with content length : 0
    Close after response     : 0          Resp with header size >1K: 0
    Processed resp hdr size  : 0          Processed resp body bytes: 0
    Backend https response   : 0          Chunked encoding requests: 0

HTTP Authentication stats :
    Successful NTLM Auth     : 0          Failed NTLM Auth         : 0
    Successful Basic Auth    : 0          Failed Basic Auth        : 0
    Unsupported Auth         : 0          Unsup Basic HTTP Method  : 0
    NTLM srv kp alive disabld: 0          NTLM Negotiation Error   : 0
    Oversize NTLM Type3 cred : 0          Internal Error           : 0
    Num 401 responses        : 0          Num non-401 responses    : 0
    Num Basic forms served   : 0          Num NTLM forms served    : 0
    Num Basic Auth sent      : 0          Num NTLM Auth sent       : 0

CIFS statistics:
  SMB related Per Context:
    TCP VC's                 : 0          UDP VC's                 : 0
    Active VC's              : 0          Active Contexts          : 0
    Aborted Conns            : 0
  NetBIOS related Per Context:
    Name Queries             : 0          Name Replies             : 0
    NB DGM Requests          : 0          NB DGM Replies           : 0
    NB TCP Connect Fails     : 0          NB Name Resolution Fails : 0
  SMB related Global:
    Sessions in use          : 0          Mbufs in use             : 0
    Mbuf Chains in use       : 0          Active VC's              : 0
    Active Contexts          : 0          Browse Errors            : 0
    Empty Browser List       : 0          NetServEnum Errors       : 0
    Empty Server List        : 0          NBNS Config Errors       : 0
    NetShareEnum Errors      : 0
  HTTP related Per Context:
    Requests                 : 1          Request Bytes RX         : 488
    Request Packets RX       : 0          Response Bytes TX        : 3609
    Response Packets TX      : 5          Active Connections       : 0
    Active CIFS context      : 0          Requests Dropped         : 0
  HTTP related Global:
    Server User data         : 0          CIFS User data           : 0
    Net Handles              : 0          Active CIFS context      : 0
    Authentication Fails     : 0          Operations Aborted       : 0
    Timers Expired           : 0          Pending Close            : 0
    Net Handles Pending SMB  : 0          File Open Fails          : 0
    Browse Network Ops       : 0          Browse Network Fails     : 0
    Browse Domain Ops        : 0          Browse Domain Fails      : 0
    Browse Server Ops        : 0          Browse Server Fails      : 0
    Browse Share Ops         : 0          Browse Share Fails       : 0
    Browse Dir Ops           : 0          Browse Network Fails     : 0
    File Read Ops            : 0          File Read Fails          : 0
    File Write Ops           : 0          File Write Fails         : 0
    Folder Create Ops        : 0          Folder Create Fails      : 0
    File Delete Ops          : 0          File Delete Fails        : 0
    File Rename Ops          : 0          File Rename Fails        : 0
    URL List Access OK       : 1          URL List Access Fails    : 0

Socket statistics:
    Sockets in use           : 1          Sock Usr Blocks in use   : 1
    Sock Data Buffers in use : 0          Sock Buf desc in use     : 0
    Select timers in use     : 1          Sock Select Timeouts     : 0
    Sock Tx Blocked          : 0          Sock Tx Unblocked        : 0
    Sock Rx Blocked          : 0          Sock Rx Unblocked        : 0
    Sock UDP Connects        : 0          Sock UDP Disconnects     : 0
    Sock Premature Close     : 0          Sock Pipe Errors         : 14
    Sock Select Timeout Errs : 0

Smart Tunnel statistics:
  Client                                Server
    proc pkts                : 0          proc pkts                 : 0
    proc bytes               : 0          proc bytes                : 0
    cef  pkts                : 0          cef  pkts                 : 0
    cef  bytes               : 0          cef  bytes                : 0

Port Forward statistics:
  Client                                Server
    proc pkts                : 0          proc pkts                 : 0
    proc bytes               : 0          proc bytes                : 0
    cef pkts                 : 0          cef pkts                  : 0
    cef bytes                : 0          cef bytes                 : 0

WEBVPN Citrix statistics:

               Server                   Client
  Packets in  : 0                        0
  Packets out : 0                        0
  Bytes in    : 0                        0
  Bytes out   : 0                        0

ACL statistics:
    Permit web request       : 0          Deny web request         : 0
    Permit cifs request      : 0          Deny cifs request        : 0
    Permit without ACL       : 0          Deny without match ACL   : 0
    Permit with match ACL    : 0          Deny with match ACL      : 0

Single Sign On statistics:
    Auth Requests            : 0          Pending Auth Requests    : 0
    Successful Requests      : 0          Failed Requests          : 0
    Retranmissions           : 0          DNS Errors               : 0
    Connection Errors        : 0          Request Timeouts         : 0
    Unknown Responses        : 0

URL-rewrite splitter statistics:
    Direct access request    : 0          Redirect request         : 0
    Internal request         : 0

Tunnel Statistics:
    Active connections       : 1
    Peak connections         : 1          Peak time                : 00:07:52
    Connect succeed          : 4          Connect failed           : 0
    Reconnect succeed        : 2          Reconnect failed         : 0
    DPD timeout              : 0
  Client
    in  CSTP frames          : 484        in  CSTP control         : 4
    in  CSTP data            : 480        in  CSTP bytes           : 36056
    out CSTP frames          : 0          out CSTP control         : 0
    out CSTP data            : 0          out CSTP bytes           : 0
    in  CDTP frames          : 0          in  CDTP control         : 0
    in  CDTP data            : 0          in  CDTP bytes           : 0
    out CDTP frames          : 0          out CDTP control         : 0
    out CDTP data            : 0          out CDTP bytes           : 0
    cef in  CSTP data frames : 0          cef in  CSTP data bytes  : 0
    cef out CSTP data frames : 0          cef out CSTP data bytes  : 0
    cef in  CDTP data frames : 0          cef in  CDTP data bytes  : 0
    cef out CDTP data frames : 0          cef out CDTP data bytes  : 0
  Server
    In  IP pkts              : 0          In  IP bytes             : 0
    Out IP pkts              : 480        Out IP bytes             : 32037

In CCP, choose Monitoring > Security > VPN Status > SSL VPN (All Contexts) in order to view the current SSL VPN user lists in the router.

Troubleshoot

This section provides information you can use in order to troubleshoot your configuration.

Troubleshooting Commands

Several clear commands are associated with WebVPN. For detailed information about these commands, refer to Using WebVPN Clear Commands.

Several debug commands are associated with WebVPN. For detailed information about these commands, refer to Using WebVPN Debug Commands.

Note: The use of debug commands can adversely impact your Cisco device. Before you use debug commands, refer to Important Information on Debug Commands.

Related Information

Updated: Jul 14, 2014
Document ID: 110608