vinhlele52
30-05-2011, 12:16 PM
Hello everyone!
I am configuring SSL VPN on the GNS-3 router emulator with IOS c7200-advsecurityk9-mz.124-11.T.bin.
After finishing the configuration I used Firefox 3.6 and Java 1.6 to test it, but the Java applet does not load the connections to the mail server and reports the following error:
[Attachments: 3392, 3393]
And here is my configuration file:
gateway(config-webvpn-gateway)#do show tun
show tun
% Incomplete command.
gateway(config-webvpn-gateway)#do show run
Building configuration...
Current configuration : 3494 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname gateway
!
boot-start-marker
boot-end-marker
!
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login ssl local
!
!
aaa session-id common
ip cef
!
!
!
!
no ip domain lookup
ip domain name demo.com
ip host demo.com 192.168.10.201
ip host abc.com 192.168.10.211
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-4279256517
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-4279256517
 revocation-check none
 rsakeypair TP-self-signed-4279256517
!
!
crypto pki certificate chain TP-self-signed-4279256517
 certificate self-signed 01
  quit
username ssl privilege 15 secret 5 $1$7Qvh$3KQ2uw.oYwjHzB09kjfFf0
!
!
!
!
!
!
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex half
!
interface FastEthernet1/0
 ip address 195.169.20.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet1/1
 ip address 192.168.10.1 255.255.255.0
 duplex auto
 speed auto
!
ip http server
ip http secure-server
!
!
!
logging alarm informational
!
!
!
!
!
control-plane
!
!
!
!
!
!
gatekeeper
 shutdown
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
!
!
webvpn gateway ssl-gateway
 hostname ssl-gateway
 ip address 195.169.20.1 port 443
 http-redirect port 80
 ssl trustpoint TP-self-signed-4279256517
 inservice
 !
webvpn context ssl-context
 title "Test ssl vpn...!"
 ssl authenticate verify all
 !
 login-message "Nhap user dang nhap"
 !
 port-forward "ssl-port"
   local-port 30001 remote-server "192.168.10.201" remote-port 143 description "imap"
   local-port 30002 remote-server "192.168.10.201" remote-port 110 description "pop3"
   local-port 30003 remote-server "192.168.10.201" remote-port 25 description "smtp"
 !
 policy group ssl-policy
   port-forward "ssl-port"
   banner "Login thanh cong...!"
   timeout idle 900
   timeout session 1800
 default-group-policy ssl-policy
 aaa authentication list ssl
 gateway ssl-gateway
 inservice
!
!
end
I hope you can take a look and help me.
Thank you all for reading my post. I hope to receive your help soon.