July 2008 Archives

Enabling WebVPN on the Cisco Router

Set up WebVPN on the router to offer preconfigured internal web sites and to tunnel connections to internal applications.

aaa authentication

crypto pki trustpoint self_certificate
enrollment selfsigned
serial-number none
ip-address none

crypto pki enroll self_certificate

crypto pki certificate chain self_certificate
certificate self-signed 02

webvpn gateway gateway1
ip interface FastEthernet0 port 443
http-redirect port 80
ssl trustpoint self_certificate
inservice

webvpn context webvpn
title-color #CCCC66
secondary-color white
text-color black
ssl authenticate verify all

port-forward "portforward_list_1"
local-port 3022 remote-server "10.0.1.30" remote-port 22 description "SSH"

policy group policy_1
port-forward "portforward_list_1"
default-group-policy policy_1
gateway gateway1 domain webvpn
max-users 2
inservice

Enabling PPTP VPN on the Cisco Router

From your Windows or Mac system, you can use PPTP to connect to your router to establish a VPN session.

aaa new-model
aaa authentication ppp default local

vpdn enable
vpdn-group soho-vpn
accept-dialin
protocol pptp
virtual-template 1

interface virtual-template1
ip unnumbered
peer default ip address pool vpnpool
ppp encrypt mppe auto required
ppp authentication ms-chap ms-chap-v2

ip local pool vpnpool 10.0.1.10 10.0.1.15

Enabling SSH on the Cisco Router

Telnet sends information over the network in cleartext. To enable SSH on your Cisco Router and to disable telnet, execute the commands below.

You'll have to pick your own username and password ;)

aaa new-model

username CISCO password 0 CISCO
line vty 0 4
transport input ssh

! key generation needs a non-default hostname and an ip domain-name set first
crypto key generate rsa
ip ssh time-out 60
ip ssh authentication-retries 2
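
To confirm that a configuration like the one above really leaves no Telnet access, the following added example (not part of the original post) audits every `line vty` block and flags type 0 passwords. The function name `audit_vty` and the second vty range in the sample are assumptions made for illustration; many routers have more vty lines than 0 4, and any range left out of the change keeps its old transport setting.

```python
import re

# Constructed sample: the post's SSH settings plus a second vty range that
# was never restricted (assumed for illustration, not from the post).
SAMPLE_CONFIG = """\
aaa new-model
username CISCO password 0 CISCO
line vty 0 4
transport input ssh
line vty 5 15
transport input telnet ssh
"""

def audit_vty(config):
    """Return findings for vty ranges that accept anything other than SSH
    and for usernames stored with a type 0 (cleartext) password."""
    findings = []
    transports = {}   # vty range -> allowed transports, None if never set
    current = None    # vty range whose sub-commands are being read
    for raw in config.splitlines():
        line = raw.strip()
        if line in ("", "!"):
            current = None          # blank line or "!" ends the block
            continue
        m = re.match(r"line vty (\d+(?: \d+)?)$", line)
        if m:
            current = m.group(1)
            transports[current] = None
        elif line.startswith("line "):
            current = None          # console/aux block, not audited here
        elif current is not None and line.startswith("transport input "):
            transports[current] = line.split()[2:]
        else:
            m = re.match(r"username (\S+) password 0 ", line)
            if m:
                findings.append(f"username {m.group(1)}: type 0 cleartext password")
    for vty_range, allowed in transports.items():
        if allowed is None:
            findings.append(f"line vty {vty_range}: no explicit transport input")
        elif allowed != ["ssh"]:
            findings.append(f"line vty {vty_range}: allows {' '.join(allowed)}")
    return findings

if __name__ == "__main__":
    for finding in audit_vty(SAMPLE_CONFIG):
        print(finding)
```

Run it against the output of `show running-config`; an empty result means every vty range is SSH-only and no username uses a type 0 password.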

I just upgraded the firmware on my Apple Airport Extreme Base Station to 7.3.2. Here are the results of my speedtest after the upgrade.