User Guide for CiscoView Device Manager for the Cisco WebVPN Services Module 1.1
Managing Virtual Gateways
Download this chapter
Managing Virtual GatewaysManaging Virtual Gateways
Download the complete book
User Guide for CiscoView Device Manager for the Cisco WebVPN Services Module - Book PDFUser Guide for CiscoView Device Manager for the Cisco WebVPN Services Module - Book PDF (PDF - 3 MB)
give_us_feedback

Table Of Contents

Managing Virtual Gateways

Viewing Virtual Gateways

Adding Virtual Gateways

Creating an Interface

Viewing Existing Interfaces

Editing Virtual Gateways

Selecting a TCP Policy

Selecting an SSL Policy

Selecting an SSL Trustpoint

Deleting Virtual Gateways

How Do I Setup a Virtual Gateway?


Managing Virtual Gateways

A virtual gateway is a logical secure gateway (SG) instance defined within a physical secure gateway. Every virtual gateway is configured with a unique HTTPS proxy IP address, which allows a Virtual Private Network (VPN) user to connect to the secure gateway to access the VPN behind the SG.

You can configure all the virtual gateway service parameters such as IP address, associated SSL Trustpoint, SSL policy and so on using CVDM WebVPNSM. CVDM WebVPNSM also provides options to add, edit and delete the virtual gateway services.

Managing Virtual Gateways contains the following sections:

Viewing Virtual Gateways

Adding Virtual Gateways

Editing Virtual Gateways

Deleting Virtual Gateways

Viewing Virtual Gateways

You can view the details of the virtual gateways configured on the WebVPN module in the Virtual Gateways window.

Figure 5-1 Virtual Gateways

Step 1 Click Setup in the taskbar and Virtual Gateways in the left-most pane.

The Virtual Gateways page is displayed with the following information:

Field
Description

Name

Name of the gateway.

IP Address

IP address of the gateway.

No. of Contexts

Number of virtual contexts associated with the gateway.

Admin Status

The admin status of the gateway.

Values are:

Up

Down

Operational Status

Status

Indicates the operational status of the gateway.

A icon indicates that the gateway is administratively down.

A icon indicates that the gateway is operationally down.

A icon indicates that the gateway is up.

Reason

Reason for the operational status.


Select a virtual gateway or multiple virtual gateways from the Virtual Gateways table, click Set Admin Status and select Up or Down to set the admin status of the selected gateway or gateways.

Click Add to add virtual gateway.

Select a virtual gateway from the Virtual Gateway table and click Edit to edit the settings for the selected virtual gateway.

Select a virtual gateway or multiple Virtual gateways from the Virtual Gateway table and click Delete to delete a virtual gateway or virtual gateways from the Virtual Gateway table.

Step 2 Select a virtual gateway from the Virtual Gateway table to view the following details.

Field
Description

IP Address

IP address of the gateway.

Operational Status

Indicates the operational status of the service.

Port

Port number of the gateway.

TCP Policy

TCP policy associated with the gateway.

SSL Policy

SSL policy associated with the gateway.

SSL Trustpoint

SSL Trustpoint associated with the gateway.

Cookie Mangling Host

This specifies the gateway name that is used in the URL and cookie mangling process.

HTTP Redirect

http redirection (if enabled).

HTTP Port

Port number for http redirection.

Associated Contexts

Context Name

Name of the virtual context associated with the selected gateway service.

Domain Name/Virtual Host

Domain name/virtual host configured with each context.


Adding Virtual Gateways

Step 1 Click Setup in the taskbar, click Virtual Gateways in the left-most pane.

The Virtual Gateways page appears.

Step 2 Click Add. The Add Virtual Gateway dialog box appears with the following information.

Field
Action/Description
Interface

View Existing Interfaces

Click View Existing Interfaces to ensure that a subinterface exists in the same subnet as the gateway you intend to add.

Create Interface

Click Creating an Interface, to add a subinterface in the same subnet as the gateway you intend to add, in case no interface exists already.

General

Gateway Name

Name assigned to this gateway.

In Service

Selected if the administrative status of this gateway is marked up.

Gateway IP Address

IP address assigned to this gateway service.

Secondary

Used to specify that the gateway will not configure the IP address as an IP alias of the system.

Port

Port number of this gateway. The default is 443.

TCP Policy

The TCP policy that the virtual gateway will use. You can create and use a new TCP policy or select an existing one.

SSL Policy

The SSL policy that the virtual gateway will use. You can create and use a new SSL policy or select an existing one.

SSL Trustpoint

The trust-point that the SSL client connection will use.

Cookie Mangling Host

The gateway name that is used in the URL and cookie mangling process.

HTTP

Redirect HTTP Traffic

Checked if HTTP traffic is to be redirected to use HTTPS.

HTTP Port

HTTP port being listened on. Default port is 80.


Step 3 Enter the appropriate values and click OK.

To become operational, a virtual gateway requires the following prerequisites:

Valid IP address.

Interface in the same subnet as the IP (If the gateway IP is not selected as secondary).

SSL Trustpoint

Creating an Interface

To create a subinterface in the same subnet as the gateway.

Step 1 From the Add Virtual Gateway dialog box, click Create Interface in the Interface pane. The Add Interface dialog box appears.

Step 2 Enter the appropriate values.

Field
Action/Description

WebVPN Interface

WebVPN subinterface number.

VLAN Number

VLAN identifier.

IP Address

Subinterface IP address.

Network Mask

Subinterface network mask.


Step 3 Click OK.

Viewing Existing Interfaces

From the Add or Edit Virtual Gateway dialog box, click View Existing Interfaces in the Interface pane. The Non-VRF Interfaces dialog box appears with the following information.

Field
Action/Description

Interface

WebVPN subinterface number.

IP Address

Subinterface IP address.

Net Mask

Subinterface network mask.


Editing Virtual Gateways

To edit the configuration of a virtual gateway:

Step 1 Click Setup in the taskbar, click Virtual Gateways in the left-most pane.

The Virtual Gateways page appears.

Step 2 Select the virtual gateway from the Virtual Gateways table and Click Edit. The Edit Virtual Gateway dialog box appears.

Step 3 Modify the appropriate values.

Field
Action/Description
Interface

View Existing Interfaces

Click View Existing Interfaces to ensure that a subinterface exists in the same subnet if you are assigning a new IP address to the gateway.

Create Interface

Click Creating an Interface, to add a subinterface in the same subnet if you are assigning a new IP address to the gateway.

General

Gateway Name

Name assigned to this gateway. You cannot edit the value in this field.

In Service

Checked if the administrative status of this gateway is Up.

Gateway IP Address

IP address assigned to this gateway service.

Secondary

Used to specify that the gateway will not configure the IP address as an IP alias of the system.

Port

Port number of this gateway. The default is 443.

TCP Policy

The TCP policy that the virtual gateway will use. You can create and use a new TCP policy or select an existing one.

SSL Policy

The SSL policy that the virtual gateway will use. You can create and use a new SSL policy or select an existing one.

SSL Trustpoint

The Trustpoint that the SSL client connection will use.

Cookie Mangling Host

The gateway-name that is used in the URL and cookie mangling process.

HTTP

Redirect HTTP Traffic

Checked if HTTP traffic is to be redirected to use HTTPS.

HTTP Port

HTTP Port being listened on. Default port is 80.


Step 4 Click OK.

Selecting a TCP Policy

Step 1 Click the TCP Policy ellipsis selector button. A drop-down list appears.

Step 2 Click Select an Existing TCP Policy. The TCP Policy Selector dialog box appears.

Step 3 Select a TCP policy from the TCP Policy Selector dialog box and click OK. The TCP policy will be added to the TCP Policy field.

Selecting an SSL Policy

Step 1 Click the SSL Policy ellipsis selector button. A drop-down list appears.

Step 2 Click Select an Existing SSL Policy. The SSL Policy Selector dialog box appears.

Step 3 Select an SSL policy from the SSL Policy Selector dialog box and click OK. The SSL policy will be added to the SSL Policy field.

Selecting an SSL Trustpoint

Step 1 Click the SSL Trustpoint ellipsis selector button. A drop-down list appears.

Step 2 Click Select Trustpoint. The Certificate Trustpoint Selector dialog box appears.

Step 3 Select a certificate Trustpoint and click OK. The SSL Trustpoint will be added to the SSL Trustpoint field.

Deleting Virtual Gateways

Step 1 Click Setup in the taskbar, click Virtual Gateways in the left-most pane.

The Virtual Gateways page appears.

Step 2 Select the virtual gateway or multiple virtual gateways from the Virtual Gateways table and Click Delete. The Delete Gateway pop-up appears.

Step 3 Click Yes. The virtual gateway or virtual gateways will be deleted from the Virtual Gateways table.

Note You will not be able to delete a Gateway if it is being used by a Virtual Context.

How Do I Setup a Virtual Gateway?

To setup a virtual gateway, follow the procedure in Adding Virtual Gateways.

The following parameters are mandatory to make a gateway operational:

A valid name

IP address

A non-VRF interface in the same subnet as this gateway

An SSL Trustpoint.