Table Of Contents
Commands for the Catalyst 6500 Series Switch WebVPN Module
show webvpn platform crash-info
show webvpn platform mac address
Commands for the Catalyst 6500 Series Switch WebVPN Module
This chapter contains an alphabetical listing of commands for the Catalyst 6500 series WebVPN Module.
For additional WebVPN Services Module information, refer to the following documentation:
•
Catalyst 6500 Series Switch WebVPN Services Module Installation and Verification Note
•
•
clear webvpn nbns
To reset the NetBIOS name service (NBNS) cache on the WebVPN Services Module, use the clear webvpn nbns command.
clear webvpn nbns [context {name | all}]
Syntax Description
context
(Optional) Clears the statistics for a specific context.
name
Specifies the name of the context.
all
Specifies all contexts.
Defaults
This command has no default settings.
Command Modes
EXEC
Command History
WebVPN Module Release 1.1
Support for this command was introduced on the Catalyst 6500 series switches.
Usage Guidelines
To reset all the statistics counters that the WebVPN Services Module maintains, use the clear webvpn nbns command without options.
Examples
This example shows how to reset the statistics counters that are maintained in the different system components on the WebVPN Services Module:
webvpn# clear webvpn nbns context context1clear webvpn platform
To reset the platform extenstions on the WebVPN Services Module, use the clear webvpn platform command.
clear webvpn platform {conn | session | stats [type] | tunnel stats}
Syntax Description
conn
Clears global connection.
session
Clears session information.
stats
Clears statistics information.
type
(Optional) See the "" for available options.
tunnel stats
Clears tunnel counters.
Defaults
This command has no default settings.
Command Modes
EXEC
Command History
WebVPN Module Release 1.1
Support for this command was introduced on the Catalyst 6500 series switches.
Usage Guidelines
The available options for stats type are as follows:
•
•
•
•
•
•
The available options for the module variable are as follows:
–
–
–
–
–
•
The available options for the pki_type variable are as follows:
–
–
–
–
–
–
•
•
•
Examples
This example shows how to reset the platform counters that are maintained in the different system components on the WebVPN Services Module:
webvpn# clear webvpn platformclear webvpn session
To clear the WebVPN session, use the clear webvpn session command.
clear webvpn session {context {name | all} | user name {context {name | all}}}
Syntax Description
context
Clears the statistics for a specific context.
name
Specifies the name of the context.
all
Specifies all contexts.
user name
Specifies the user name.
Defaults
This command has no default settings.
Command Modes
EXEC
Command History
WebVPN Module Release 1.1
Support for this command was introduced on the Catalyst 6500 series switches.
Usage Guidelines
To reset all the statistics counters that the WebVPN Services Module maintains, use the clear webvpn nbns command without options.
Examples
This example shows how to reset the session counters that are maintained in the different system components on the WebVPN Services Module:
webvpn# clear webvpn sessionclear webvpn stats
To reset the statistics counters that are maintained in the different system components on the WebVPN Services Module, use the clear webvpn stats command.
clear webvpn stats [cifs [context {name | all}] | context {name | all} | mangle [context {name | all}] | port-forward [context {name | all}] | tunnel [context {name | all}]]
Syntax Description
Defaults
This command has no default settings.
Command Modes
EXEC
Command History
WebVPN Module Release 1.1
Support for this command was introduced on the Catalyst 6500 series switches.
Usage Guidelines
To reset all the statistics counters that the WebVPN Services Module maintains, use the clear ssl-proxy stats command without options.
Examples
This example shows how to reset the statistics counters that are maintained in the different system components on the WebVPN Services Module:
webvpn# clear webvpn stats cifswebvpn# clear webvpn stats context context1webvpn# clear webvpn stats mangle context allwebvpn# clear webvpn stats tunnelThis example shows how to clear all the statistic counters that the WebVPN Services Module maintains:
webvpn# clear webvpn statswebvpn#crypto key export rsa pem
To export a PEM-formatted RSA key to the WebVPN Services Module, use the crypto key export rsa pem command.
crypto key export rsa keylabel pem {terminal | url url} {{3des | des} pass_phrase}
Syntax Description
Defaults
This command has no default settings.
Command Modes
Global configuration
Command History
WebVPN Services Module Release 1.1
Support for this command was introduced on the Catalyst 6500 series switches.
Usage Guidelines
The pass phrase can be any phrase including spaces and punctuation except for a question mark (?), which has special meaning to the Cisco IOS parser.
Pass-phrase protection associates a pass phrase with the key. The pass phrase is used to encrypt the key when it is exported. When this key is imported, you must enter the same pass phrase to decrypt it.
Examples
This example shows how to export a key from the WebVPN Services Module:
wwbvpn(config)# crypto key export rsa test-keys pem url scp: 3des password% Key name:test-keysUsage:General Purpose KeyExporting public key...Address or name of remote host []? 7.0.0.7Destination username [ssl-proxy]? labDestination filename [test-keys.pub]?Password:Writing test-keys.pub Writing file to scp://lab@7.0.0.7/test-keys.pubPassword:!Exporting private key...Address or name of remote host []? 7.0.0.7Destination username [ssl-proxy]? labDestination filename [test-keys.prv]?Password:Writing test-keys.prv Writing file to scp://lab@7.0.0.7/test-keys.prvPassword:wwbvpn(config)#crypto key generate
To generate RSA key pairs, use the crypto key generate command.
crypto key generate rsa {usage-keys|general-keys} {label key-label} [exportable] [modulus size]
Syntax Description
Defaults
This command has no default settings.
Command Modes
Global configuration
Command History
WebVPN Services Module Release 1.1
Support for this command was introduced on the Catalyst 6500 series switches.
Usage Guidelines
The WebVPN Services Module supports up to eight levels of certificate authority (one root certificate authority and up to seven subordinate certificate authorities).
You can specify that a key is exportable during key generation. Once the key is generated as either exportable or not exportable, it cannot be modified for the life of the key.
Note
After you generate a key pair, you can test the SSL service by generating a self-signed certificate.
Examples
This example shows how to generate special-usage RSA keys:
crypto key generate rsa usage-keysThe name for the keys will be: myrouter.example.comChoose the size of the key modulus in the range of 360 to 2048 for your Signature Keys.Choosing a key modulus greater than 512 may take a few minutes.How many bits in the modulus[512]? <return>Generating RSA keys.... [OK].Choose the size of the key modulus in the range of 360 to 2048 for your Encryption Keys.Choosing a key modulus greater than 512 may take a few minutes.How many bits in the modulus[512]? <return>Generating RSA keys.... [OK].This example shows how to generate general-purpose RSA keys:
Note
webvpn(config)# crypto key generate rsa general-keys label kp1 exportableThe name for the keys will be: kp1Choose the size of the key modulus in the range of 360 to 2048 for yourGeneral Purpose Keys. Choosing a key modulus greater than 512 may takea few minutes.How many bits in the modulus [512]: 1024Generating RSA keys.... [OK].crypto key import rsa pem
To import a PEM-formatted RSA key from an external system, use the crypto key import rsa pem command.
crypto key import rsa keylabel pem [usage-keys] {terminal | url url} [exportable] passphrase}
Syntax Description
Defaults
This command has no default settings.
Command Modes
Global configuration
Command History
WebVPN Services Module Release 1.1
Support for this command was introduced on the Catalyst 6500 series switches.
Usage Guidelines
The pass phrase can be any phrase including spaces and punctuation except for a question mark (?), which has special meaning to the Cisco IOS parser.
Pass-phrase protection associates a pass phrase with the key. The pass phrase is used to encrypt the key when it is exported. When this key is imported, you must enter the same pass phrase to decrypt it.
Examples
This example shows how to import a PEM-formatted RSA key from an external system and export the PEM-formatted RSA key to the WebVPN Services Module:
wwbvpn(config)# crypto key import rsa newkeys pem url scp: password% Importing public key or certificate PEM file...Address or name of remote host []? 7.0.0.7Source username [ssl-proxy]? labSource filename [newkeys.pub]? test-keys.pubPassword:Sending file modes:C0644 272 test-keys.pubReading file from scp://lab@7.0.0.7/test-keys.pub!% Importing private key PEM file...Address or name of remote host []? 7.0.0.7Source username [ssl-proxy]? labSource filename [newkeys.prv]? test-keys.prvPassword:Sending file modes:C0644 963 test-keys.prvReading file from scp://lab@7.0.0.7/test-keys.prv!% Key pair import succeeded.wwbvpn(config)#crypto pki authenticate
To obtain the certificate that contains the public key of the certificate authority, use the crypto pki authenticate command.
crypto pki authenticate trustpoint-label
Syntax Description
Defaults
This command has no default settings.
Command Modes
Global configuration
Command History
WebVPN Module Release 1.1
Support for this command was introduced on the Catalyst 6500 series switches.
Usage Guidelines
The trustpoint-label argument is case-sensitive.
For each trustpoint, you must obtain a certificate that contains the public key of the certificate authority; multiple trustpoints can use the same certificate authority.
Note
Examples
This example shows how to obtain the certificate of the certificate authority:
webvpn(config)# crypto pki authenticate PROXY1Certificate has the following attributes:Fingerprint: A8D09689 74FB6587 02BFE0DC 2200B38A% Do you accept this certificate? [yes/no]: yTrustpoint CA certificate accepted.webvpn(config)# endwebvpn#crypto pki certificate
To configure and define the PKI implementation on the WebVPN Services Module, use the crypto pki certificate command.
crypto pki certificate {chain name | map map_name | query | validate trustpoint-label}
Syntax Description
Defaults
This command has no default settings.
Command Modes
Global configuration
Command History
WebVPN Module Release 1.1
Support for this command was introduced on the Catalyst 6500 series switches.
Usage Guidelines
The crypto pki certificate chain command puts you into certificate chain configuration mode. When you are in certificate chain configuration mode, you can delete certificates using the certificate command. You need to be in certificate chain configuration mode to delete certificates.
The crypto pki certificate validate command validates the router's own certificate for a given trustpoint. Use this command as a sanity check after enrollment to verify that the trustpoint is properly authenticated, a certificate has been requested and granted for the trustpoint, and that the certificate is currently valid. A certificate is valid if it is signed by the trustpoint certification authority (CA), not expired, and so on.
crypto pki crl request
To configure and define the PKI implementation on the WebVPN Services Module, use the crypto pki crl request command.
crypto pki crl request name
Syntax Description
name
Specifies the name of the CA. This is the same name used when the CA was declared with the crypto pki trustpoint command.
Defaults
This command has no default settings.
Command Modes
Global configuration
Command History
WebVPN Module Release 1.1
Support for this command was introduced on the Catalyst 6500 series switches.
Usage Guidelines
A CRL lists all the certificates of the network device that have been revoked. Revoked certificates will not be honored by your module; therefore, any IPSec device with a revoked certificate cannot exchange IP Security traffic with your module.
The first time your module receives a certificate from a peer, it will download a CRL from the CA. Your module then checks the CRL to make sure the certificate of the peer has not been revoked. (If the certificate appears on the CRL, it will not accept the certificate and will not authenticate the peer.)
A CRL can be reused with subsequent certificates until the CRL expires. If your module receives the certificate of a peer after the applicable CRL has expired, it will download the new CRL.
If your module has a CRL which has not yet expired, but you suspect that the contents of the CRL are out of date, use the crypto pki crl request command to request that the latest CRL be immediately downloaded to replace the old CRL.
This command is not saved to the configuration.
Examples
This example shows how to specify the timeout in seconds for each request:
wwbvpn(config)# crypto pki crl requestcrypto pki enroll
To request a certificate for the trustpoint, use the crypto pki enroll command.
crypto pki enroll trustpoint-label
Syntax Description
Defaults
This command has no default settings.
Command Modes
Global configuration
Command History
WebVPN Module Release 1.1
Support for this command was introduced on the Catalyst 6500 series switches.
Usage Guidelines
The trustpoint-label argument is case-sensitive.
You must obtain a signed certificate from the certificate authority for each trustpoint.
You have the option to create a challenge password that is not saved with the configuration. This password is required if your certificate needs to be revoked, so you must remember this password.
Note
Examples
This example shows how to request a certificate:
webvpn(config)# crypto pki enroll PROXY1%% Start certificate enrollment..% The subject name in the certificate will be: C=US; ST=California; L=San Jose; O=Cisco; OU=Lab; CN=host1.cisco.com% The subject name in the certificate will be: host.cisco.com% The serial number in the certificate will be: 00000000% The IP address in the certificate is 10.0.0.1% Certificate request sent to Certificate Authority% The certificate request fingerprint will be displayed.% The 'show crypto pki certificate' command will also show the fingerprint.Fingerprint: 470DE382 65D8156B 0F84C2AF 4538B913webvpn(config)# endcrypto pki export pem
To export privacy-enhanced mail (PEM) files from the WebVPN Services Module, use the crypto pki export pem command.
crypto pki export trustpoint_label pem {terminal {des | 3des} {url url}} pass_phrase
Syntax Description
Defaults
This command has no default settings.
Command Modes
Global configuration
Command History
WebVPN Services Module Release 1.1
Support for this command was introduced on the Catalyst 6500 series switches.
Usage Guidelines
The pass_phrase can be any phrase including spaces and punctuation except for a question mark (?), which has special meaning to the Cisco IOS parser.
Pass-phrase protection associates a pass phrase with the key. The pass phrase is used to encrypt the key when it is exported. When this key is imported, you must enter the same pass phrase to decrypt it.
A key that is marked as unexportable cannot be exported.
You can change the default file extensions when prompted. The default file extensions are as follows:
•
•
•
•
•
•
Examples
This example shows how to export a PEM-formatted file on the WebVPN Services Module:
wwbvpn(config)# crypto pki export TP5 pem url tftp://10.1.1.1/TP5 passwordRelated Commands
crypto pki export pkcs12
To export a PKCS12 file from the WebVPN Services Module, use the crypto pki export pkcs12 command.
crypto pki export trustpoint_label pkcs12 file_system [pkcs12_filename] pass_phrase
Syntax Description
Defaults
This command has no default settings.
Command Modes
Global configuration
Command History
WebVPN Module Release 1.1
Support for this command was introduced on the Catalyst 6500 series switches.
Usage Guidelines
Imported key pairs cannot be exported.
If you are using SSH, we recommend using SCP (secure file transfer) when exporting a PKCS12 file. SCP authenticates the host and encrypts the transfer session.
If you do not specify the pkcs12_filename value, you will be prompted to accept the default filename (the default filename is the trustpoint_label value) or enter the filename. For the ftp: or tftp: value, include the full path in the pkcs12_filename value.
You will receive an error if you enter the pass phrase incorrectly.
If there is more than one level of CA, the root CA and all the subordinate CA certificates are exported in the PKCS12 file.
Examples
This example shows how to export a PKCS12 file using SCP:
wwbvpn(config)# crypto ca export TP1 pkcs12 scp: sky is blueAddress or name of remote host []? 10.1.1.1Destination username [ssl-proxy]? admin-1Destination filename [TP1]? TP1.p12Password:Writing TP1.p12 Writing pkcs12 file to scp://admin-1@10.1.1.1/TP1.p12Password:!CRYPTO_PKI:Exported PKCS12 file successfully.wwbvpn(config)#crypto pki import pem
To import a PEM-formatted file to the WebVPN Services Module, use the crypto pki import pem command.
crypto pki import trustpoint_label pem [exportable] {terminal | url url | usage-keys} pass_phrase
Syntax Description
Defaults
This command has no default settings.
Command History
Global configuration
Command History
WebVPN Services Module Release 1.1
Support for this command was introduced on the Catalyst 6500 series switches.
Usage Guidelines
You will receive an error if you enter the pass phrase incorrectly.The pass phrase can be any phrase including spaces and punctuation except for the question mark (?), which has special meaning to the Cisco IOS parser.
Pass-phrase protection associates a pass phrase with the key. The pass phrase is used to encrypt the key when it is exported. When this key is imported, you must enter the same pass phrase to decrypt it.
When importing RSA keys, you can use a public key or its corresponding certificate.
The crypto ca import pem command imports only the private key (.prv), the server certificate (.crt), and the issuer CA certificate (.ca). If you have more than one level of CA in the certificate chain, you need to import the root and subordinate CA certificates before this command is used for authentication. Use the cut-and-paste feature or TFTP to import the root and subordinate CA certificates.
Examples
This example shows how to import a PEM-formatted file from the WebVPN Services Module:
wwbvpn(config)# crypto pki import TP5 pem url tftp://10.1.1.1/TP5 password% Importing CA certificate...Address or name of remote host [10.1.1.1]?Destination filename [TP5.ca]?Reading file from tftp://10.1.1.1/TP5.caLoading TP5.ca from 10.1.1.1 (via Ethernet0/0.168): ![OK - 1976 bytes]% Importing private key PEM file...Address or name of remote host [10.1.1.1]?Destination filename [TP5.prv]?Reading file from tftp://10.1.1.1/TP5.prvLoading TP5.prv from 10.1.1.1 (via Ethernet0/0.168): ![OK - 963 bytes]% Importing certificate PEM file...Address or name of remote host [10.1.1.1]?Destination filename [TP5.crt]?Reading file from tftp://10.1.1.1/TP5.crtLoading TP5.crt from 10.1.1.1 (via Ethernet0/0.168): ![OK - 1692 bytes]% PEM files import succeeded.wwbvpn(config)# endwebvpn#*Apr 11 15:11:29.901: %SYS-5-CONFIG_I: Configured from console by consoleRelated Commands
crypto pki import pkcs12
To import a PKCS12 file to the WebVPN Services Module, use the crypto ca import pkcs12 command.
crypto pki import trustpoint_label pkcs12 file_system [pkcs12_filename] pass_phrase
Syntax Description
Defaults
This command has no default settings.
Command Modes
Global configuration
Command History
WebVPN Module Release 1.1
Support for this command was introduced on the Catalyst 6500 series switches.
Usage Guidelines
If you are using SSH, we recommend using SCP (secure file transfer) when importing a PKCS12 file. SCP authenticates the host and encrypts the transfer session.
If you do not specify a value for pkcs12_filename, you will be prompted to accept the default filename (the default filename is the trustpoint_label value) or to enter the filename. For the ftp: or tftp: value, include the full path in the pkcs12_filename value.
You will receive an error if you enter the pass phrase incorrectly.
If there is more than one level of CA, the root CA and all the subordinate CA certificates are exported in the PKCS12 file.
Examples
This example shows how to import a PKCS12 file using SCP:
wwbvpn(config)# crypto ca import TP2 pkcs12 scp: sky is blueAddress or name of remote host []? 10.1.1.1Source username [ssl-proxy]? admin-1Source filename [TP2]? /users/admin-1/pkcs12/TP2.p12Password:passwordSending file modes:C0644 4379 TP2.p12!wwbvpn(config)#*Aug 22 12:30:00.531:%CRYPTO-6-PKCS12IMPORT_SUCCESS:PKCS #12 Successfully Imported.wwbvpn(config)#crypto pki profile enrollment
To define an enrollment profile, use the crypto pki profile enrollment command in global configuration mode. To delete all information associated with this enrollment profile, use the no form of this command.
crypto pki profile enrollment label
Syntax Description
Defaults
This command has no default settings.
Command Modes
Global configuration
Command History
WebVPN Module Release 1.1
Support for this command was introduced on the Catalyst 6500 series switches.
Usage Guidelines
After entering the crypto pki profile enrollment command, you can use any of the following commands to define the profile parameters:
•
•
•
•
•
•
•
Note
Examples
This example shows how to specify the timeout in seconds for each request:
webvpn(config)# crypto pki profile enrollment testwebvpn(ca-profile-enroll)#crypto pki trustpoint
To enter the configuration submode for the certificate-authority trustpoint and define the certificate-authority trustpoint, use the crypto pki trustpoint command. Use the no form of this command to remove any commands that you have entered in the WebVPN subcommand mode from the configuration.
crypto pki trustpoint trustpoint-label
no crypto pki trustpoint trustpoint-label
Syntax Description
Defaults
This command has no default settings.
Command Modes
Global configuration
Command History
WebVPN Module Release 1.1
Support for this command was introduced on the Catalyst 6500 series switches.
Usage Guidelines
The trustpoint-label argument is case-sensitive.
After you enter the crypto pki trustpoint command, the prompt changes to the following:
webvpn(ca-trustpoint)#After you enter the ca-trustpoint submode, there are commands available to configure the CA trustpoint. Table 2-1 lists the ca-trustpoint submode commands.
You should declare one trustpoint to be used by the module for each certificate.
The trustpoint-label value should match the key-label value of the keys; however, this is not a requirement.
When you specify the IP address of the WebVPN gateway that will use this certificate, some web browsers compare the IP address in the SSL server certificate with the IP address that might appear in the URL. If the IP addresses do not match, the browser may display a dialog box and ask the client to accept or reject this certificate.
When specifying the subject-name line value, use these guidelines:
•
•
•
Examples
This example shows how to declare the trustpoint PROXY1 and verify connectivity:
webvpn(config)# crypto pki trustpoint PROXY1webvpn(ca-trustpoint)# rsakeypair PROXY1webvpn(ca-trustpoint)# enrollment url http://exampleCA.cisco.comwebvpn(ca-trustpoint)# ip-address 10.0.0.1webvpn(ca-trustpoint)# password passwordwebvpn(ca-trustpoint)# serial-numberwebvpn(ca-trustpoint)# subject-name C=US; ST=California; L=San Jose; O=Cisco; OU=Lab;CN=host1.cisco.comwebvpn(ca-trustpoint)# endwebvpn# ping example.cisco.comType escape sequence to abort.Sending 5, 100-byte ICMP Echos to 20.0.0.1, timeout is 2 seconds:!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 mswebvpn#debug webvpn
To turn on the debug flags in different system components, use the debug webvpn command. Use the no form of this command to turn off the debug flags.
debug webvpn [aaa | cifs | cookie | dns | emweb | http | package | platform [type] | port-forward | sock | timer | trie | tunnel | webservice]
Syntax Description
Defaults
This command has no default settings.
Command Modes
EXEC
Command History
WebVPN Module Release 1.1
Support for this command was introduced on the Catalyst 6500 series switches.
Usage Guidelines
Note
•
•
•
•
The platform type has the following options:
The platform app includes the following values:
–
–
–
–
The platform app-driver includes the following values:
–
–
–
–
–
The platform content includes the following values:
–
–
–
–
–
–
The platform fdu includes the following values:
–
–
–
–
–
The platform flash includes the following values:
–
The platform ipc includes the following values:
–
The platform pc includes the following values:
–
The platform pki includes the following values:
–
–
–
–
–
–
–
The platform remote includes the following values:
–
–
The platform ssl keyword includes the following values:
–
–
–
–
–
Note
If you run TCP debug commands, the TCP module displays large amounts of debug information on the console, which can significantly slow down module performance. Slow module performance can lead to delayed processing of TCP connection timers, packets, and state transitions.The platform tcp keyword includes the following values:
–
–
–
–
–
The platform tunnel keyword includes the following values:
–
–
Examples
This example shows how to turn on tunnel debugging:
webvpn# debug webvpn tunnelwebvpn#This example shows how to turn on App debugging:
webvpn# debug webvpn platform appwebvpn#This example shows how to turn on FDU debugging:
webvpn# debug webvpn platform fduwebvpn#This example shows how to turn on IPC debugging:
webvpn# debug webvpn platform ipcwebvpn#This example shows how to turn on PKI debugging:
webvpn# debug webvpn platform pkiwebvpn#This example shows how to turn on SSL debugging:
ssl-proxy# debug webvpn platform sslssl-proxy#This example shows how to turn on TCP debugging:
ssl-proxy# debug webvpn platform tcpssl-proxy#This example shows how to turn off TCP debugging:
ssl-proxy# no debug webvpn platform tcpssl-proxy#do
To execute EXEC-level commands from global configuration mode or other configuration modes or submodes, use the do command.
do command
Syntax Description
Defaults
This command has no default settings.
Command Modes
Global configuration or any other configuration mode or submode from which you are executing the EXEC-level command.
Command History
WebVPN Module Release 1.1
Support for this command was introduced on the Catalyst 6500 series switches.
Usage Guidelines
Caution
You cannot use the do command to execute the configure terminal command because entering the configure terminal command changes the mode to configuration mode.
You cannot use the do command to execute the copy or write command in the global configuration mode or any other configuration mode or submode.
Examples
This example shows how to execute the EXEC-level show interfaces command from within global configuration mode:
wwbvpn(config)# do show interfaces serial 3/0Serial3/0 is up, line protocol is upHardware is M8T-RS232MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255Encapsulation HDLC, loopback not set, keepalive set (10 sec)Last input never, output 1d17h, output hang neverLast clearing of "show interface" counters never...wwbvpn(config)#nbns-list
To enter the nbnslist submode and configure NetBIOS Name Service (NBNS) servers, use the nbns-list command. Use the no form of this command to remove the specified list from the configuration.
nbns-list name
no nbns-list name
Syntax Description
Defaults
This command has no default settings.
Command Modes
WebVPN context submode
Command History
WebVPN Module Release 1.1
Support for this command was introduced on the Catalyst 6500 series switches.
Usage Guidelines
The listname argument is case-sensitive and can be a maximum of 64 characters.
After you enter the nbns-list command, the prompt changes to the following:
webvpn(config-webvpn-nbnslist)#After you enter the nbnslist submode, there are commands available to configure the NBNS servers. Table 2-4 lists the nbnslist submode commands.
Examples
This example shows how to enter the nbnslist submode and configure the NBNS list and server address:
webvpn(config)# webvpn context c1webvpn(config-webvpn-context)# nbns-list list2webvpn(config-webvpn-nbnslist)# nbns-server 10.1.1.2webvpn(config-webvpn-nbnslist)# exitwebvpn(config-webvpn-context)#Related Commands
policy group
To define a group-policy template, associate a group-policy with a particular proxy server, and enter the group-policy submode, use the webvpn policy group command from context subcommand mode. Use the no form of this command to remove any commands that you have entered in the WebVPN subcommand mode from the configuration.
policy group group-policy-name
no policy group group-policy-name
Syntax Description
Defaults
See the "Usage Guidelines" section for the submode command defaults.
Command Modes
WebVPN context submode
Command History
WebVPN Module Release 1.1
Support for this command was introduced on the Catalyst 6500 series switches.
Usage Guidelines
The group-policy-name argument is case-sensitive.
After you enter the policy group command, the prompt changes to the following:
webvpn(config-webvpn-group)#Table 2-3 lists the commands available to configure the group-policy template.
Table 2-3 Group-policy Commands
banner value string
Specifies the banner string for the user or group. The string value may contain 7-bit ASCII values, HTML tags, and escape sequences. This string is presented to the user after login.
No string is specified.
exit
Exits from group-policy configuration mode.
filter tunnel {ip-acl | ip-expanded-acl | name}
Defines the tunnel-specific access list.
•
•
•
No name is specified.
functions {file-access | file-browse | file-entry| svc-enabled| svc-required}
Specifies the file function as follows:
Note
•
•
•
•
•
All values are disabled.
hide-url-bar
Disables the URL bar on the portal page.
Note
nbns-list name
Specifies the NBNS list for CIFS as defined in the context configuration.
Supported only with Windows 2000 servers and Linux/UNIX.
Note
no
Negates a command or set its defaults.
port-forward name
Specifies the port-forward list as defined in the context configuration. Entering the command again overrides the previous setting. The default is to have no list specified,
Note
No list specified, and port forwarding is disabled.
timeout {idle | session} seconds
Specifies the end-user idle timeout value and maximum session timeout value for the user or group.
idle seconds—Specifies the end-user inactivity. Valid values for idle timeout are from 0 (disabled) to 3600 seconds.
session seconds—Specifies the total session time, regardless of activity. Valid values for session timeout are from 1 to 1209600 seconds.
idle seconds—2100 seconds (35 minutes)
session seconds—43200 seconds (12 hours)
svc
Specifies the tunnel configuration; see the svc command for additional information.
url-list name
Specifies the URL list as defined in the context configuration. Entering the command again overrides the previous setting.
Note
No list is specified.
Examples
This example show how to configure the WebVPN context and the WebVPN group-policy:
webvpn(config)# webvpn context ciscowebvpn(config-webvpn-context)# policy group cisco_tunlwebvpn(config-webvpn-group)# function svc-enabledwebvpn(config-webvpn-group)# timeout idle 36000webvpn(config-webvpn-group)# timeout session 144000webvpn(config-webvpn-group)# svc address-pool "cisco_tunl_pool"webvpn(config-webvpn-group)# svc keep-client-installedwebvpn(config-webvpn-group)# svc rekey time 40000webvpn(config-webvpn-group)# svc rekey method new-tunnelwebvpn(config-webvpn-group)# svc dpd-interval gateway 0webvpn(config-webvpn-group)# svc dpd-interval client 300webvpn(config-webvpn-group)# exitwebvpn(config-webvpn-context)#port-forward
To enter the port-forwarding submode and configure port-forwarding entries, use the port-forward command. Use the no form of this command to remove the given list from the configuration.
port-forward listname
no port-forward listname
Syntax Description
Defaults
This command has no default settings.
Command Modes
WebVPN context submode
Command History
WebVPN Module Release 1.1
Support for this command was introduced on the Catalyst 6500 series switches.
Usage Guidelines
The listname argument is case-sensitive and can be a maximum of 64 characters.
After you enter the port-forward command, the prompt changes to the following:
webvpn(config-webvpn-port-fwd)#After you enter the port-forward submode, there are commands available to configure the port-forwarding services. Table 2-4 lists the port-forwarding submode commands.
You can specify multiple entries for a given listname value. The listname value is provided to group the port forwarding entries into a list that can be applied to a username or a group policy.
Specifying no removes the matching line from the configuration; the remote server and remote port do not need to be included.
Examples
This example shows how to enter the port-forwarding submode and configure port-forwarding entries:
webvpn(config-webvpn-context)# port-forward abcwebvpn(config-webvpn-port-fwd)# local-port 25 remote-server "mailman" remote-port 25 description "SMTP server"webvpn(config-webvpn-port-fwd)# local-port 110 remote-server "pop3-ny" remote-port 110 description "POP3-server"webvpn(config-webvpn-port-fwd)# local-port 143 remote-server "imap-ny" remote-port 143 description "IMAP server"webvpn(config-webvpn-port-fwd)#Related Commands
show webvpn context
To display information about a specific context, use the show webvpn context command.
show webvpn context name
Syntax Description
Defaults
This command has no default settings.
Command Modes
EXEC
Command History
WebVPN Module Release 1.1
Support for this command was introduced on the Catalyst 6500 series switches.
Examples
This example shows how to collect information about the software-forced reset:
webvpn# show web context tunnelAdmin Status: upOperation Status: upTCP Policy not configuredSSL Policy not configuredCertificate authentication type: peer certificate is always acceptedAAA Authentication List: webvpnAAA Authentication Domain not configuredDefault Group Policy: tunnelAssociated WebVPN Gateway: s2Domain Name and Virtual Host not configuredMaximum Users Allowed: 2560 (default)NAT Address Range: 10.81.12.4-10.81.12.9 mask 255.255.255.0VRF Name not configuredwebvpn#show webvpn dispatch
To display WebVPN dispatching information, use the show webvpn dispatch command.
show webvpn dispatch {algorithm | member | stats}
Syntax Description
algorithm
Displays the current content load balancing (CLB) algorithm.
member
Displays CLB member table infomation.
stats
Displays the dispatching statistics.
Defaults
This command has no default settings.
Command Modes
EXEC
Command History
WebVPN Module Release 1.1
Support for this command was introduced on the Catalyst 6500 series switches.
Examples
This example shows how to display the WebVPN dispatching statistics:
webvpn# show webvpn dispatch statSSLVPN: Dispatching Statistics:--------------------------------Total packets dispatched = 2827Total packets need multiple buffers = 12Total packets with no core id = 93Total packets with embedded core id = 2722Per Core Dispatching Statistics:--------------------------------AssignedCore-ID Symbolic-ID Connections------- ----------- -----------1 SwCidIos 437 SwCidVpn1 51This example shows how to display the current CLB algorithm:
webvpn# show webvpn dispatch algorithmSSLVPN: Current CLB algorithm:-------------------------------Weighted Round Robin (Master Weight = 5 Slave Weight = 6)This example shows how to display CLB member table infomation:
webvpn# show webvpn dispatch memberSSLVPN: CLB Member Table(Current RR Index 1):Member-Index Core-ID Symbolic-ID Weight Quota------------ ------- ----------- ------ -----0 1 SwCidIos 5 31 7 SwCidVpn1 6 2webvpn#show webvpn gateway
To display gateway information, use the show webvpn gateway command.
show webvpn gateway [name]
Syntax Description
Defaults
This command has no default settings.
Command Modes
EXEC
Command History
WebVPN Module Release 1.1
Support for this command was introduced on the Catalyst 6500 series switches.
Examples
This example shows how to display information for all gateways:
webvpn# show webvpn gatewayGateway Name Admin Operation------------ ----- ---------s1 up ups2 up upgateway1 down downtunnel down downThis example shows how to display information for a specific gateway:
webvpn# show webvpn gateway s1Admin Status: upOperation Status: upIP: 10.1.2.140, port: 443TCP Policy not configuredSSL Policy not configuredSSL Trustpoint: tp1Certificate chain for new connections:Certificate:Key Label: tp1, 1024-bit, not exportableKey Timestamp: 12:09:27 UTC Dec 25 2004Serial Number: 0FE5Root CA Certificate:Serial Number: 01rsa-general-purpose certificateCertificate chain completeshow webvpn install
To display information on installed WebVPN files and packages, use the show webvpn install command.
show webvpn install {file filename | package {csd | svc}| status {csd | svc}}
Syntax Description
Defaults
This command has no default settings.
Command Modes
EXEC
Command History
WebVPN Module Release 1.1
Support for this command was introduced on the Catalyst 6500 series switches.
Examples
This example shows how to display status information about the SSL VPN client (SVC):
webvpn# show web install status svcSSLVPN Package SSL-VPN-Client version installed:CISCO STC win2k+ 1.0.01,1,1Tue 04/08/2005 15:31:20.43This example shows how to display information about the files included in the SVC package:
webvpn# show web install package svcSSLVPN Package SSL-VPN-Client installed:File: \webvpn\stc\1\binaries\detectvm.class, size: 555File: \webvpn\stc\1\binaries\java.htm, size: 309File: \webvpn\stc\1\binaries\main.js, size: 8049File: \webvpn\stc\1\binaries\ocx.htm, size: 244File: \webvpn\stc\1\binaries\setup.cab, size: 164216File: \webvpn\stc\1\binaries\stc.exe, size: 90104File: \webvpn\stc\1\binaries\stcjava.cab, size: 6154File: \webvpn\stc\1\binaries\stcjava.jar, size: 4053File: \webvpn\stc\1\binaries\stcweb.cab, size: 12668File: \webvpn\stc\1\binaries\update.txt, size: 9File: \webvpn\stc\1\empty.html, size: 214File: \webvpn\stc\1\images\alert.gif, size: 2042File: \webvpn\stc\1\images\buttons.gif, size: 1842File: \webvpn\stc\1\images\loading.gif, size: 313File: \webvpn\stc\1\images\title.gif, size: 2739File: \webvpn\stc\1\index.html, size: 4725File: \webvpn\stc\2\index.html, size: 325File: \webvpn\stc\version.txt, size: 63Total files: 18This example shows how to display the contents of a specific file:
webvpn# show web install file \webvpn\stc\version.txtSSLVPN File \webvpn\stc\version.txt installed:CISCO STC win2k+ 1.0.01,1,1Tue 04/08/2005 15:31:20.43webvpn#show webvpn nbns
To display information on WebVPN NBNS cache, use the show webvpn nbns command.
show webvpn nbns context {name | all}
Syntax Description
Defaults
This command has no default settings.
Command Modes
EXEC
Command History
WebVPN Module Release 1.1
Support for this command was introduced on the Catalyst 6500 series switches.
Examples
This example shows how to display status information about the NBNS cache for a specified context:
webvpn# show web nbns context tunnelNetBIOS name IP Address Timestamp0 total entrieswebvpn#This example shows how to display status information about the NBNS cache for all contexts:
webvpn# show web nbns context allNetBIOS name IP Address Timestamp0 total entriesNetBIOS name IP Address Timestamp0 total entriesNetBIOS name IP Address Timestamp0 total entriesNetBIOS name IP Address Timestamp0 total entriesNetBIOS name IP Address Timestamp0 total entrieswebvpn#show webvpn platform buffers
To display information about TCP buffer usage, use the show webvpn platform buffers command.
show webvpn-platform buffers [module module]
Syntax Description
module module
(Optional) Valid values for module are as follows:
all—all CPUs
fdu—FDU CPU
ssl1—SSL1 CPU
tcp1—TCP1 CPU
Defaults
This command has no default settings.
Command Modes
EXEC
Command History
WebVPN Module Release 1.1
Support for this command was introduced on the Catalyst 6500 series switches.
Examples
This example shows how to display the buffer usage and other information in the TCP subsystem:
webvpn# show webvpn-platform buffers module allBuffers info for TCP module 1TCP data buffers used 3340 limit 88064TCP ingress buffer pool size 44032 egress buffer pool size 44032TCP ingress data buffers min-thresh 5636096 max-thresh 9017344TCP ingress data buffers used Current 0 Max 27TCP ingress buffer RED shift 9 max drop prob 10Conns consuming ingress data buffers 0Buffers with App 0TCP egress data buffers used Current 0 Max 115Conns consuming egress data buffers 0In-sequence queue bufs 0 OOO bufs 0Per-flow avg qlen 0 Global avg qlen 0webvpn#Related Commands
show webvpn platform context
To display information on WebVPN context, use the show webvpn platform context command.
show webvpn platform context name [module module]
Syntax Description
name
Name of the context.
module module
Valid values for module are as follows:
all—all CPUs
fdu—FDU CPU
ssl1—SSL1 CPU
tcp1—TCP1 CPU
tcp2—TCP2 CPU
Defaults
This command has no default settings.
Command Modes
EXEC
Command History
WebVPN Module Release 1.1
Support for this command was introduced on the Catalyst 6500 series switches.
Examples
This example shows how to display status information about the specified context:
webvpn# show webvpn platform context tunnelCertificate authentication type: peer certificate is always acceptedAdmin Status: upOperation Status: upwebvpn#This example shows how to display all module status information about the specified context:
webvpn# show webvpn platform context tunnel module allFDU Service EntryService ID : 8 Protocol : 0Virtual IP : 0.0.0.0 Virtual port : 0HTTP-redirect: 0Hash Index : 0 Conn Count : 0Bound ID : 0 State : DOWNService ID 8IP address : 116.117.110.110 Port : 0MSS : 1460SYN timeout (s): 75Idle timeout (s) : 600FIN wait timeout (s) : 75Reassembly timeout (s) : 60Connection Rx Buffer Size : 32768Connection Tx Buffer Size : 65536TOS Carryover DisabledService entry in cpu 1:Cipher suites: 0xFVersions: 0x3Options: 0x6Current Certificate Index: 0x0 0x0 0x0 0x0 0x0 0x0 0x0Certificate Index at 0 location: 0x0 0x0 0x0 0x0 0x0 0x0 0x0Certificate Index at 1 location: 0x0 0x0 0x0 0x0 0x0 0x0 0x0Flags: 0x202Handshake timeout: 0 secsSession timeout: 0 secsSession cache size: 262144show webvpn platform crash-info
To collect information about the software-forced reset from the WebVPN Services Module, use the show webvpn platform crash-info command.
show webvpn platform crash-info [brief | details]
Syntax Description
Defaults
This command has no default settings.
Command Modes
EXEC
Command History
WebVPN Module Release 1.1
Support for this command was introduced on the Catalyst 6500 series switches.
Examples
This example shows how to collect a small subset of software-forced reset information:
webvpn# show webvpn platform crash-info brief===== SSLVPN SERVICE MODULE - START OF CRASHINFO COLLECTION =====------------- COMPLEX 0 [VPN_IOS] ----------------------NVRAM CHKSUM: 0xDABBNVRAM MAGIC: 0xC8A514F0NVRAM VERSION: 1++++++++++ CORE 0 (VPN (slave)) ++++++++++++++++++++++++HW_CID: 0APPLICATION VERSION: SVCWEBVPN Software (SVCWEBVPN-K9Y9-M), Version 12.3(7.11)VA(0.117) INTERIM SOFTWARE \nCompiled Wed 13-Apr-05 02:20 by integAPPROXIMATE TIME WHEN CRASH HAPPENED: 02:56:38 UTC Sep 1 2005THIS CORE DIDN'T CRASHTRACEBACK: 374110 375C0CCPU CONTEXT -----------------------------$0 : 00000000, AT : 01050000, v0 : 00000000, v1 : 01050000a0 : 0104F3E0, a1 : 0208A390, a2 : 00000000, a3 : 00000000t0 : 00000000, t1 : 032B8BC8, t2 : 00000001, t3 : FFFF00FFt4 : 00368100, t5 : 74696F6E, t6 : 00000000, t7 : 39353438s0 : 01050000, s1 : 01051F40, s2 : 028E16E0, s3 : 00BA0000s4 : 00BA0000, s5 : 00BA0000, s6 : 01050000, s7 : 01050000t8 : 0D0D0D0D, t9 : 00000000, k0 : 00400001, k1 : 00000000gp : 00FC65E0, sp : 028E16D0, s8 : 00000000, ra : 00374160LO : F88923EA, HI : DA46BB94, BADVADDR : B60ED79DEPC : 00374110, ErrorEPC : BFC00C70, SREG : 3400FD03Cause 00004000 (Code 0x0): Interrupt exceptionCACHE ERROR registers -------------------CacheErrI: 00000000, CacheErrD: 00000000ErrCtl: 00000000, CacheErrDPA: 0000000000000000++++++++++ CORE 1 (IOS (master)) ++++++++++++++++++++++++HW_CID: 1APPLICATION VERSION: SVCWEBVPN Software (SVCWEBVPN-K9Y9-M), Version 12.3(7.11)VA(0.117) INTERIM SOFTWARE \nCompiled Wed 13-Apr-05 02:51 by integAPPROXIMATE TIME WHEN CRASH HAPPENED: 02:56:36 UTC Sep 1 2005THIS CORE CRASHEDTRACEBACK: 1C6C7EC 1CC1B20 1CBEC14 1CBEDA8 1CC16EC 1CC1E7C 1CC96C4 1CC9930 1CC94DC 1CCA570 1CBDF58 1CB69FC 1CB1898 1C7F964 1CE3618 1CE431CCPU CONTEXT -----------------------------$0 : 00000000, AT : 021D0000, v0 : 00000001, v1 : 00000000a0 : 0CFA6952, a1 : 00000000, a2 : 00000002, a3 : 00000062t0 : 00000001, t1 : 00000000, t2 : 00000001, t3 : 00000062t4 : 00000048, t5 : 0A0D0A0D, t6 : 0A0D0A0A, t7 : 090A0A0As0 : 00000000, s1 : 0CFA6950, s2 : 0D583008, s3 : 0CFA6950s4 : 0CFA6953, s5 : 02270000, s6 : 17394FC8, s7 : 0D4708B8t8 : 00000005, t9 : 00000001, k0 : 00000000, k1 : 00000000gp : 021D4080, sp : 0CCE3840, s8 : FFFFFFFF, ra : 01CC1B20LO : 00000003, HI : 0238A2C0, BADVADDR : 00000000EPC : 01C6C7EC, ErrorEPC : 01572900, SREG : 3400FD03Cause 0000000C (Code 0x3): TLB (store) exceptionCACHE ERROR registers -------------------CacheErrI: 00000000, CacheErrD: 00000000ErrCtl: 00000000, CacheErrDPA: 0000000000000000------------- COMPLEX 1 [FDU_TCP_SSL_1] ----------------------NVRAM CHKSUM: 0x3C34NVRAM MAGIC: 0xC8A514F0NVRAM VERSION: 1++++++++++ CORE 0 (TCP/FDU Processor #1) ++++++++++++++++++++++++HW_CID: 2APPLICATION VERSION: 2005.03.15 22:14:57 built for maheshAPPROXIMATE TIME WHEN CRASH HAPPENED: 11:28:14 UTC Aug 1 2005THIS CORE CRASHEDTRACEBACK: 20A994 20B000 243C54 2444C8 24FF90 21A088 219970 2263B0 2523FCCPU CONTEXT -----------------------------$0 : 00000000, AT : 00270000, v0 : 0000005C, v1 : 00285760a0 : 12630E54, a1 : 00000000, a2 : 00000000, a3 : 00000000t0 : 00000000, t1 : 34007E01, t2 : 34007100, t3 : FFFF00FFt4 : 0020A9C0, t5 : 82602460, t6 : 00000002, t7 : 00000001s0 : 12630E54, s1 : 002824DC, s2 : 12630C5C, s3 : 12630C5Cs4 : 002E0000, s5 : 00000003, s6 : 12630C20, s7 : 0026B258t8 : FFFFFFFF, t9 : 0160A2A0, k0 : 00400001, k1 : 00000000gp : 00273320, sp : 09DFFD40, s8 : 12630C20, ra : 0020B000LO : 00000000, HI : 0000004E, BADVADDR : 12630E54EPC : 0020A994, ErrorEPC : F7EF23EA, SREG : 34007E03Cause 00008014 (Code 0x5): Address Error (store) exceptionCACHE ERROR registers -------------------CacheErrI: 00000000, CacheErrD: 00000000ErrCtl: 00000000, CacheErrDPA: 0000000000000000++++++++++ CORE 1 (SSL Processor #1) ++++++++++++++++++++++++HW_CID: 3APPLICATION VERSION: 2005.03.15 22:14:57 built for maheshAPPROXIMATE TIME WHEN CRASH HAPPENED: 11:28:14 UTC Aug 1 2005THIS CORE DIDN'T CRASHTRACEBACK: 449F70 433458 42D0A0 422694CPU CONTEXT -----------------------------$0 : 00000000, AT : 00490000, v0 : 00000000, v1 : 0E1743D8a0 : 09E0A534, a1 : 00000002, a2 : 00000002, a3 : 00000002t0 : 00006100, t1 : 00000000, t2 : B0060100, t3 : FFFF00FFt4 : 0040A9C0, t5 : A295B1CD, t6 : B22AEDDB, t7 : F9D0B2ACs0 : 09E0A4E8, s1 : 0048F698, s2 : 00000000, s3 : 0048F600s4 : 00000000, s5 : 00000000, s6 : 00480000, s7 : 00480000t8 : 00000002, t9 : 00000001, k0 : 00000000, k1 : 00000000gp : 004965E0, sp : 123FFF30, s8 : 00000001, ra : 00433458LO : 999999C9, HI : 0000001F, BADVADDR : 644E427AEPC : 00449F70, ErrorEPC : FFDF6777, SREG : 34007E03Cause 0000C000 (Code 0x0): Interrupt exceptionCACHE ERROR registers -------------------CacheErrI: 00000000, CacheErrD: 00000000ErrCtl: 00000000, CacheErrDPA: 0000000000000000===== SSLVPN SERVICE MODULE - END OF CRASHINFO COLLECTION =======show webvpn platform gateway
To display gateway information WebVPN, use the show webvpn platform gateway command.
show webvpn platform gateway name [debug | module module]
Syntax Description
Defaults
This command has no default settings.
Command Modes
EXEC
Command History
WebVPN Module Release 1.1
Support for this command was introduced on the Catalyst 6500 series switches.
Examples
This example shows how to display status information for a specific gateway:
webvpn# show webvpn platform gateway tunnelIP: 10.1.2.14, port: 443rsa-general-purpose certificate trustpoint: mytpCertificate chain for new connections:Certificate:Key Label: mytp, 1024-bit, not exportableKey Timestamp: 12:09:27 UTC Dec 25 2004Serial Number: 0FE5Root CA Certificate:Serial Number: 01Certificate chain completeAdmin Status: upOperation Status: upwebvpn#This example shows how to display debug information for a specific gateway:
webvpn# show webvpn platform gateway s1 debugIP: 10.1.2.14, port: 443rsa-general-purpose certificate trustpoint: mytpCertificate chain for new connections:Certificate:Key Label: mytp, 1024-bit, not exportableKey Timestamp: 12:09:27 UTC Dec 25 2004Serial Number: 0FE5Root CA Certificate:Serial Number: 01Certificate chain completeAdmin Status: upOperation Status: upService ID: 1 Bound ID: -1Virtual IP: 10.1.2.14 Port : 443VLAN ID : 0 MAC Address : 0000.0000.0000State : PROXY VALIDEnabled : YesSecondary : NoClient NAT: disableServer NAT: disablewebvpn#This example shows how to display status information for all CPUs for a specific gateway:
webvpn# show web platform gateway s1 module allFDU Service EntryService ID : 1 Protocol : 6Virtual IP : 64.102.223.140 Virtual port : 443HTTP-redirect: 0Hash Index : 896 Conn Count : 0Bound ID : -1 State : UPService ID 1IP address : 10.1.2.14 Port : 443MSS : 1460SYN timeout (s): 75Idle timeout (s) : 600FIN wait timeout (s) : 75Reassembly timeout (s) : 60Connection Rx Buffer Size : 32768Connection Tx Buffer Size : 65536TOS Carryover DisabledService entry in cpu 1:Cipher suites: 0xFVersions: 0x3Options: 0x6Current Certificate Index: 0x0 0x1 0x0 0x0 0x0 0x0 0x0Certificate Index at 0 location: 0x0 0x0 0x0 0x0 0x0 0x0 0x0Certificate Index at 1 location: 0x0 0x0 0x0 0x0 0x0 0x0 0x0Flags: 0x201Handshake timeout: 0 secsSession timeout: 0 secsSession cache size: 262144webvpn#show webvpn platform mac address
To display the current MAC address, use the show webvpn platform mac address command.
show webvpn platform mac address
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Modes
EXEC
Command History
WebVPN Module Release 1.1
Support for this command was introduced on the Catalyst 6500 series switches.
Examples
This example shows how to display the current MAC address that is used in the WebVPN Services Module:
webvpn# show webvpn platform mac addressSVCWEBVPN module MAC address: 000d.29f0.c24cwebvpn#show webvpn platform policy
To display the SSL or TCP policy information, use the show webvpn platform policy command.
show webvpn platform policy {ssl | tcp} name
Syntax Description
Defaults
This command has no default settings.
Command Modes
EXEC
Command History
WebVPN Module Release 1.1
Support for this command was introduced on the Catalyst 6500 series switches.
Examples
This example shows how to display SSL policy information on the WebVPN Services Module:
webvpn# show webvpn platform policy sslSSL Policy Name Usage-Countwebvpn#show webvpn platform version
To display the current image version, use the show webvpn platform version command.
show webvpn platform version
Syntax Description
This command has no arguments or keywords.
Defaults
This command has no default settings.
Command Modes
EXEC
Command History
WebVPN Module Release 1.1
Support for this command was introduced on the Catalyst 6500 series switches.
Examples
This example shows how to display the image version that is currently running on the WebVPN Services Module:
webvpn# show webvpn platform versionCisco IOS Software, SVCWEBVPN Software (SVCWEBVPN-K9Y9-M), Version 12.3(8)VA(1.1)Copyright (c) 1986-2005 by Cisco Systems, Inc.Compiled Thu 26-May-05 02:44 by integROM: System Bootstrap, Version 12.2(11)YS1 RELEASE SOFTWAREwebvpn-alpha uptime is 5 days, 19 hours, 51 minutesSystem returned to ROM by power-onSystem image file is "tftp://10.1.1.1/unknown"AP Version 1.1(0.97)webvpn#show webvpn platform vlan
To display VLAN information, use the show webvpn platform vlan command.
show webvpn platform vlan [vlan-id ]
Syntax Description
vlan-id
(Optional) VLAN ID. Displays information for a specific VLAN; valid values are from 2 to 1005.
Defaults
This command has no default settings.
Command Modes
EXEC
Command History
WebVPN Services Module Release 1.1
Support for this command was introduced on the Catalyst 6500 series switches.
Examples
This example shows how to display all the VLANs that are configured on the WebVPN Services Module:
webvpn# show webvpn platform vlanVlan-id IP address NetMask VRF------- ---------- ------- ------10 10.81.12.3 255.255.255.0 -20 20.102.223.139 255.255.255.248 -This example shows how to display information about a specific VLAN on the WebVPN Services Module:
webvpn# show webvpn platform vlan 10Vlan-id IP address NetMask VRF------- ---------- ------- ------10 10.81.12.3 255.255.255.0 ------- FDU module info ----FDU Vlan EntryVLAN ID : 10My IP Addr : 10.81.12.3My Net Mask : 255.255.255.0VRF ID : 0show webvpn policy
To display the configured WebVPN policies, use the show webvpn policy command.
show webvpn policy {group name context name | tcp [name] | ssl [name]}
Syntax Description
group name context name
Displays the group policies for the specified context.
tcp
Displays the configured TCP policies.
ssl
Displays the configured SSL policies.
name
(Optional) Policy name.
Defaults
This command has no default settings.
Command Modes
EXEC
Command History
WebVPN Module Release 1.1
Support for this command was introduced on the Catalyst 6500 series switches.
Examples
This example shows how to display information about the HTTP header policy:
webvpn# show web policy group tunnel context tunnelWEBVPN: group policy = tunnel ; context = tunnelidle timeout = 2100 secsession timeout = 43200 secfunctions = svc-enabledaddress pool name = "addr"dpd client timeout = 300 secdpd gateway timeout = 300 seckeep sslvpn client installed = disabledrekey interval = 3600 secrekey method = ssllease duration = 43200 secwebvpn#Related Commands
webvpn policy ssl
webvpn policy tcpshow webvpn session
To display information about the WebVPN session, use the show webvpn session command.
show webvpn session {context {name | all} | user name context {name | all}}
Syntax Description
Defaults
This command has no default settings.
Command Modes
EXEC
Command History
WebVPN Module Release 1.1
Support for this command was introduced on the Catalyst 6500 series switches.
Examples
This example shows how to display session information about the specified context:
webvpn# show webvpn session context c1WebVPN context name: c1Client_Login_Name Client_IP_Address No_of_Connections Created Last_Useduser1 10.2.1.220 2 04:47:16 00:01:26user2 10.2.1.221 2 04:48:36 00:01:56This example shows how to display session information for a specific user:
webvpn# show webvpn session user user1 context c1WebVPN user name = user1 ; IP address = 10.2.1.220 ; context = c1No of connections: 2Created 04:50:21, Last-used 00:00:31Client Port: 2503, Server IP Addr: 10.102.31.9, Server Port: 80Client Port: 2504User Policy ParametersGroup name = testGroup Policy Parametersurl list name = "Cisco test URL list"idle timeout = 2100 secsession timeout = 43200 secport forward name = "Mail Servers"dpd client timeout = 300 secdpd gateway timeout = 300 seckeep sslvpn client installed = disabledrekey interval = 3600 secrekey method = ssllease duration = 43200 secshow webvpn stats
To display information about the statistics counter, use the show webvpn stats command.
show webvpn stats [type]
Syntax Description
Defaults
This command has no default settings.
Command Modes
EXEC
Command History
WebVPN Services Module Release 1.1
Support for this command was introduced on the Catalyst 6500 series switches.
Usage Guidelines
The valid options for type are as follows:
•
•
•
•
•
•
•
Examples
This example shows how to display all the statistics counters that are collected on the WebVPN Services Module:
webvpn# show webvpn statsUser session statistics:Active user sessions : 1 AAA pending reqs : 0Peak user sessions : 6 Peak time : 17:22:16Active user TCP conns : 2 Terminated user sessions : 29Session alloc failures : 0 Authentication failures : 3VPN session timeout : 1 VPN idle timeout : 9User cleared VPN sessions: 0 Exceeded ctx user limit : 0Exceeded total user limit: 0Mangling statistics:Relative urls : 15705 Absolute urls : 41850Non-http(s) absolute urls: 9306 Non-standard path urls : 1005Interesting tags : 200329 Uninteresting tags : 398899Interesting attributes : 164642 Uninteresting attributes : 272669Embedded script statement: 10226 Embedded style statement : 2800Inline scripts : 34868 Inline styles : 26475HTML comments : 6018 HTTP/1.0 requests : 148HTTP/1.1 requests : 8115 Unknown HTTP version : 0GET requests : 6290 POST requests : 95CONNECT requests : 0 Other request methods : 1878Through requests : 6172 Gateway requests : 2091Pipelined requests : 7 Req with header size >1K : 1Processed req hdr bytes : 5320280 Processed req body bytes : 529871HTTP/1.0 responses : 797 HTTP/1.1 responses : 6277HTML responses : 1919 CSS responses : 80XML responses : 2476 JS responses : 171Other content type resp : 1435 Chunked encoding resp : 1926Resp with encoded content: 0 Resp with content length : 3926Close after response : 1222 Resp with header size >1K: 0Processed resp hdr size : 1870948 Processed resp body bytes: 65670616Backend https response : 245 Chunked encoding requests: 0CIFS statistics:SMB related Per Context:TCP VC's : 0 UDP VC's : 0Active VC's : 0 Active Contexts : 0Aborted Conns : 0NetBIOS related Per Context:Name Queries : 0 Name Replies : 0NB DGM Requests : 0 NB DGM Replies : 0NB TCP Connect Fails : 0 NB Name Resolution Fails : 0SMB related Global:Sessions in use : 0 Mbufs in use : 0Mbuf Chains in use : 0 Active VC's : 0Active Contexts : 0 Browse Errors : 0Empty Browser List : 0 NetServEnum Errors : 0Empty Server List : 0 NBNS Config Errors : 0NetShareEnum Errors : 0HTTP related Per Context:Requests : 24 Request Bytes RX : 8508Request Packets RX : 0 Response Bytes TX : 1465966Response Packets TX : 975 Active Connections : 0Active CIFS context : 0 Requests Dropped : 0HTTP related Global:Server User data : 0 CIFS User data : 0Net Handles : 0 Active CIFS context : 0Authentication Fails : 0 Operations Aborted : 0Timers Expired : 0 Pending Close : 0Net Handles Pending SMB : 0 File Open Fails : 0Browse Network Ops : 0 Browse Network Fails : 0Browse Domain Ops : 0 Browse Domain Fails : 0Browse Server Ops : 0 Browse Server Fails : 0Browse Share Ops : 0 Browse Share Fails : 0Browse Dir Ops : 0 Browse Network Fails : 0File Read Ops : 0 File Read Fails : 0File Write Ops : 0 File Write Fails : 0Folder Create Ops : 0 Folder Create Fails : 0File Delete Ops : 0 File Delete Fails : 0File Rename Ops : 0 File Rename Fails : 0Socket statistics:Sockets in use : 2 Sock Usr Blocks in use : 2Sock Data Buffers in use : 0 Sock Buf desc in use : 0Select timers in use : 2 Sock Select Timeouts : 0Sock Tx Blocked : 49 Sock Tx Unblocked : 49Sock Rx Blocked : 0 Sock Rx Unblocked : 0Sock UDP Connects : 0 Sock UDP Disconnects : 0Sock Premature Close : 0 Sock Pipe Errors : 5Port Forward statistics:Client Serverin pkts : 0 out pkts : 0in bytes : 0 out bytes : 0out pkts : 0 in pkts : 0out bytes : 0 in bytes : 0Tunnel Statistics:Active connections : 0Peak connections : 1 Peak time : 5d16hConnect succeed : 6 Connect failed : 0Reconnect succeed : 1 Reconnect failed : 0DPD timeout : 0Client Serverin CSTP frames : 23098 out IP pkts : 23093in CSTP data : 23093in CSTP control : 5in CSTP bytes : 4956832 out IP bytes : 4771852out CSTP frames : 32086 in IP pkts : 32084out CSTP data : 32084out CSTP control : 2out CSTP bytes : 16136526 in IP bytes : 16512477webvpn#Most of the counters are self-explanatory. The following descriptions are for the counters that are not self-explanatory:
•
–
–
–
–
–
–
–
–
•
–
•
–
TCP/UDP VC's—Back-end TCP/UDP connections established successfully so far.
Active VC's—Currently active TCP/UDP connections.
Active Contexts—Currently active SMB contexts.
Aborted Conns—TCP connections aborted by the peer.
–
Name Queries—NBNS name queries sent.
Name Query Replies—NBNS name query replies received. Mismatch indicates that browsers, PDC, and servers could not be contacted.
NBDGM requests—NB datagram service-related get backup browser list queries sent.
NBDGM replies—NB datagram service-related get backup browser list replies received. Request and reply mismatch indicates that browse domain attempt would not work.
NB TCP connect fails—NB TCP connection attempts that resulted in failures. Indicates connectivity issues to PDC and file servers.
–
Sessions in Use—Back-end SMB sessions in use (active)
Mbufs in use—Application buffer descriptors in use.
Mbuf Chains in use—Application buffers in use.
Active VCs—Total active back-end SMB connections in the system.
Active Context—Total active back-end SMB context in the system.
Browse Errors—Indicates failed browse domain attempts.
Empty Browse list—Indicates number of times empty backup browse list replies received.
NetServEnum errors—Indicates number of failed attempts at receiving list of servers in a specific domain.
NetShareEnum errors—Indicates number of failed attempts at receiving list of files and folders in a specific share.
–
Active Connections—Connections on which CIFS requests are being processed.
Active CIFS Context—CIFS application module context on which CIFS requests are being processed.
–
Server User Data—Number of entries in the per server username and password cache.
CIFS User Data—Default username and password cache entries.
Net Handles—Total connections in the system (includes active as well as idle).
Active CIFS context—Global count of active CIFS application module contexts.
Authentication fails—CIFS HTTP requests processed without a WebVPN cookie or an expired WebVPN cookie.
Operations Aborted—Back-end operations that were aborted because the HTTP connection was lost. Indicates that CIFS transactions are not completing successfully.
Pending Close—Number of times close is pending, waiting for Tx to unblock and finish sending pending data.
•
–
–
–
–
–
–
This example shows how to display CIFS statistics on the WebVPN Services Module:
webvpn# show webvpn stats cifsCIFS statistics:SMB related Per Context:TCP VC's : 0 UDP VC's : 0Active VC's : 0 Active Contexts : 0Aborted Conns : 0NetBIOS related Per Context:Name Queries : 0 Name Replies : 0NB DGM Requests : 0 NB DGM Replies : 0NB TCP Connect Fails : 0 NB Name Resolution Fails : 0SMB related Global:Sessions in use : 0 Mbufs in use : 0Mbuf Chains in use : 0 Active VC's : 0Active Contexts : 0 Browse Errors : 0Empty Browser List : 0 NetServEnum Errors : 0Empty Server List : 0 NBNS Config Errors : 0NetShareEnum Errors : 0HTTP related Per Context:Requests : 24 Request Bytes RX : 8508Request Packets RX : 0 Response Bytes TX : 1465966Response Packets TX : 975 Active Connections : 0Active CIFS context : 0 Requests Dropped : 0HTTP related Global:Server User data : 0 CIFS User data : 0Net Handles : 0 Active CIFS context : 0Authentication Fails : 0 Operations Aborted : 0Timers Expired : 0 Pending Close : 0Net Handles Pending SMB : 0 File Open Fails : 0Browse Network Ops : 0 Browse Network Fails : 0Browse Domain Ops : 0 Browse Domain Fails : 0Browse Server Ops : 0 Browse Server Fails : 0Browse Share Ops : 0 Browse Share Fails : 0Browse Dir Ops : 0 Browse Network Fails : 0File Read Ops : 0 File Read Fails : 0File Write Ops : 0 File Write Fails : 0Folder Create Ops : 0 Folder Create Fails : 0File Delete Ops : 0 File Delete Fails : 0File Rename Ops : 0 File Rename Fails : 0webvpn#This example shows how to display the statistics for a specific context:
webvpn# show web stats context tunnelWebVPN context name : tunnelUser session statistics:Active user sessions : 0 AAA pending reqs : 0Peak user sessions : 1 Peak time : 5d16hActive user TCP conns : 0 Terminated user sessions : 5Session alloc failures : 0 Authentication failures : 0VPN session timeout : 1 VPN idle timeout : 0User cleared VPN sessions: 0 Exceeded ctx user limit : 0Mangling statistics:Relative urls : 0 Absolute urls : 0Non-http(s) absolute urls: 0 Non-standard path urls : 0Interesting tags : 0 Uninteresting tags : 0Interesting attributes : 0 Uninteresting attributes : 0Embedded script statement: 0 Embedded style statement : 0Inline scripts : 0 Inline styles : 0HTML comments : 0 HTTP/1.0 requests : 0HTTP/1.1 requests : 111 Unknown HTTP version : 0GET requests : 106 POST requests : 5CONNECT requests : 0 Other request methods : 0Through requests : 0 Gateway requests : 111Pipelined requests : 0 Req with header size >1K : 0Processed req hdr bytes : 43741 Processed req body bytes : 265HTTP/1.0 responses : 0 HTTP/1.1 responses : 0HTML responses : 0 CSS responses : 0XML responses : 0 JS responses : 0Other content type resp : 0 Chunked encoding resp : 0Resp with encoded content: 0 Resp with content length : 0Close after response : 0 Resp with header size >1K: 0Processed resp hdr size : 0 Processed resp body bytes: 0Backend https response : 0 Chunked encoding requests: 0CIFS statistics:SMB related Per Context:TCP VC's : 0 UDP VC's : 0Active VC's : 0 Active Contexts : 0Aborted Conns : 0NetBIOS related Per Context:Name Queries : 0 Name Replies : 0NB DGM Requests : 0 NB DGM Replies : 0NB TCP Connect Fails : 0 NB Name Resolution Fails : 0HTTP related Per Context:Requests : 5 Request Bytes RX : 1840Request Packets RX : 0 Response Bytes TX : 1435222Response Packets TX : 938 Active Connections : 0Active CIFS context : 0 Requests Dropped : 0Socket statistics:Sockets in use : 0 Sock Usr Blocks in use : 0Sock Data Buffers in use : 0 Sock Buf desc in use : 0Select timers in use : 0 Sock Select Timeouts : 0Sock Tx Blocked : 0 Sock Tx Unblocked : 0Sock Rx Blocked : 0 Sock Rx Unblocked : 0Sock UDP Connects : 0 Sock UDP Disconnects : 0Sock Premature Close : 0 Sock Pipe Errors : 0Port Forward statistics:Client Serverin pkts : 0 out pkts : 0in bytes : 0 out bytes : 0out pkts : 0 in pkts : 0out bytes : 0 in bytes : 0Tunnel Statistics:Active connections : 0Peak connections : 1 Peak time : 5d16hConnect succeed : 6 Connect failed : 0Reconnect succeed : 1 Reconnect failed : 0DPD timeout : 0Client Serverin CSTP frames : 23098 out IP pkts : 23093in CSTP data : 23093in CSTP control : 5in CSTP bytes : 4956832 out IP bytes : 4771852out CSTP frames : 32086 in IP pkts : 32084out CSTP data : 32084out CSTP control : 2out CSTP bytes : 16136526 in IP bytes : 16512477webvpn#snmp-server enable
To configure the SNMP traps and informs, use the snmp-server enable command. Use the no form of this command to disable SNMP traps and informs.
[no] snmp-server enable {informs | traps {ipsec | isakmp | snmp | tty}}
Syntax Description
informs
Enables SNMP informs.
traps
Enables SNMP traps.
ipsec
Enables IPSec traps. See the "" section for additional options.
isakmp
Enables ISAKMP traps. See the ""section for additional options.
snmp
Enables SNMP traps. See the "" section for additional options.
tty
Enables TCP connection traps.
Defaults
This command has no default setting.
Command Modes
Global configuration
Command History
SSL Services Module Release 2.1(1)
Support for this command was introduced on the Catalyst 6500 series switches.
Usage Guidelines
The ipsec keyword has the following options:
•
•
•
The isakmp keyword has the following options:
•
The snmp keyword has the following options:
•
Examples
This example shows how to enable SNMP informs:
wwbvpn(config)# snmp-server enable informswwbvpn(config)#This example shows how to enable traps:
wwbvpn(config)# snmp-server enable trapswwbvpn(config)#This example shows how to enable authentication traps:
wwbvpn(config)# snmp-server enable traps snmp authneticationwwbvpn(config)#svc
To configure the tunnel capabilities for a group-policy context, use the svc command. Use the no form of this command to remove any of the svc commands that you have entered.
svc command
Syntax Description
command
Specifies the configuration command; see Table 2-5 for a list of available commands.
Defaults
See Table 2-5 for the default settings.
Command Modes
WebVPN group context submode
Command History
WebVPN Module Release 1.1
Support for this command was introduced on the Catalyst 6500 series switches.
Usage Guidelines
The prompt for the svc command is the same as the group-policy prompt.
Table 2-5 lists the commands available to configure tunnel-mode capability for a group context.
url-list
To enter the URL submode to configure the URL lists, use the url-list command. Use the no form of this command to remove the given list from the configuration.
url-list listname
no url-list listname
Syntax Description
Defaults
This command has no default settings.
Command Modes
WebVPN context submode
Command History
WebVPN Module Release 1.1
Support for this command was introduced on the Catalyst 6500 series switches.
Usage Guidelines
The listname argument is case-sensitive and can be a maximum of 64 characters.
After you enter the url-list command, the prompt changes to the following:
webvpn(config-webvpn-url)#After you enter the URL submode, there are commands available to configure the URL lists. Table 2-6 lists the URL submode commands.
The url-value url keyword and argument specifies the URL that the link goes to. To use Outlook Web Access (OWA) for web-based email, append the URL with the /exchange keyword (requires authentication to an Exchange server).
You can specify multiple URLs for a given list name.
This example shows how to configure the URL list:
webvpn(config-webvpn-context)# url-list ciscowebvpn(config-webvpn-url)# url-text cisco url-value http://cisco.comwebvpn(config-webvpn-url)# url-text CNN url-value http://cnn.comwebvpn(config-webvpn-url)# url-text yahoo url-value http://yahoo.comwebvpn(config-webvpn-url)# url-text payroll url-value http://10.1.2.215/payrollwebvpn(config-webvpn-url)# url-text finance url-value https://finance.cisco.comwebvpn(config-webvpn-url)# url-text "OWA server" url-value http://mail.cisco.com/exchangewebvpn(config-webvpn-url)# exitwebvpn(config-webvpn-context)#Related Commands
webvpn context
To enter the WebVPN context submode and define the virtual WebVPN context, use the webvpn context command. Use the no form of this command to remove any commands that you have entered in the WebVPN subcommand mode from the configuration.
webvpn context [vpn-name]
no webvpn context vpn-name
Syntax Description
Defaults
This command has no default settings.
Command Modes
Global configuration
Command History
WebVPN Module Release 1.1
Support for this command was introduced on the Catalyst 6500 series switches.
Usage Guidelines
The vpn-name argument is case-sensitive.
After you enter the webvpn context command, the prompt changes to the following:
webvpn(config-webvpn-context)#After you enter the context submode, there are commands available to configure the context services. Table 2-7 lists the virtual context submode commands.
Table 2-7 Virtual WebVPN Context Submode Commands
aaa authentication {{domain domain-list} | {list listname}}
Specifies AAA configuration parameters for context.
•
•
default-group-policy default-policy-name
Specifies the default group policy that the virtual WebVPN context instance uses. See the policy group command for information on group policies.
exit
Exits from the context submode and returns to the global configuration mode.
gateway gateway-name {{domain-name domain-name} | {virtual-host hostname}}
Specifies the corresponding virtual gateway instance configured on the secure gateway and the mapping methods (for example, IP address, URL, and domain name) as follows:
•
•
•
Virtualization is performed through a unique IP address.
inservice
Brings context to inservice.
login-message string
no login-message
Specifies the text that prompts the user to login. Limited to 255 characters. Use the no form of this command to return to the default setting.
string is Please enter your username and password.
logo [file filename | none]
Specifies the custom logo image that is displayed on the login and home pages.
file filename—(Optional) Specifies the filename of a file that is uploaded by the administrator to the security gateway.
nat-address start-address end-address {netmask netmask}
Specifies the NAT addresses to be used in opening a server connection. The addresses specified in the nat-address command must match one of the subnets configured on the WebVPN subinterfaces.
•
•
•
nbns-list name
Enters nbmslist submode and allows you to create the NBNS list name. See the nbns-list command for information on configuring the NBNS list.
password-prompt prompt
Configures the initial WebVPN login password prompt. The maximum length of prompt is 16 characters.
prompt is Password:
policy group policy-name
Enters the group submode and allows you to configure group policy settings. See the policy group command for information on configuring the group policy.
policy ssl policy-name
Specifies the SSL policy that the SSL protocol uses.
policy tcp policy-name
Specifies the TCP policy that the TCP protocol uses.
port-forward listname
Enters the port-forwarding submode and allows you to configure the list of ports to which the user has access. See the port-forward command for information on configuring port forwarding.
secondary-color color
no secondary-color
Specifies the color of the secondary title bars on the login, home, and file-access pages. See Table 2-8 for valid values.
The default color is purple.
secondary-text-color [black | white]
no secondary-text-color
Specifies the color of the text on the secondary bars. It is restricted to be aligned with the title bar text color; valid values are black and white. Use the no form of this command to return to the default setting.
black
ssl authenticate verify {all | none}
Configures the SSL protocol uses.
•
–
–
all
text-color [black | white]
no text-color
Specifies the color of the text on the title bars. It is restricted to just two values to limit the number of icons that need to exist for the toolbar; valid values are black and white. Use the no form of this command to return to the default setting.
white
title string
no title
Specifies the HTML title string in the browser title and on the title bar. Limited to 255 characters. Use the no form of this command to return to the default setting.
string is WebVPN Service.
title-color color
no title-color
Specifies the color of the title bars on the login, home, and file-access pages. See Table 2-8 for valid values.
The default color is purple.
username-prompt prompt
Configures the initial WebVPN login username prompt. The maximum length of prompt is 16 characters.
prompt is Login:
url-list listname
Enters the URL submode and allows you to configure the list of URLs that display on the portal Web page. See the url-list command for information on configuring the URL entries.
vrf-name vrf-name
Specifies the VRF domain configured for the virtual WebVPN context.
The WebVPN context links the previously configured address resolution, gateway, and authentication configurations.
To configure clientless mode, configure the URL lists and the group policy. To access email using Outlook Web Access (OWA), configure the URL list to point to the Microsoft Exchange server (for example, http://ipaddr/exchange).
To configure thin-client mode, configure the list of ports to forward and configure the group policy.
To configure file sharing using the common Internet file system (CIFS), configure the NetBIOS name service (NBNS) list , the server address, and the group policy.
Table 2-8 shows the valid values for color when entering the title-color color and secondary-color color commands in the WebVPN context. The default color is purple.
The value can be the name of the color that is recognized in HTML (no spaces between words or characters) or a comma-separated red, green, blue (RGB) value. The value is limited to 32 characters.
Note
