Moey_G
asked on
Cisco WebVPN page does not display
Dear All,
Recently we had to make a change to one of our Cisco 2821 routers. We backed up the startup config to a TFTP server and made the changes.
Unfortunately the changes we made to the router stopped some other services working, so we rolled back to the configuration backup we made before any changes were made and did a reload.
Once the router had booted up with the old config, all services came back online except the Cisco WebVPN. If you use the Cisco VPN program you can connect and VPN OK but we previously had a page
http://ourdomain.com/vpn
That launched the Cisco WebVPN page and installed the client etc.
Since no ACL changes were made, and we reverted to the backup config anyway I can't see why it would have stopped working.
I can connect to the router using http to view the SDM config pages, so the router is responding to http traffic.
Anyway, have tried numerous different things, but VPN config is beyond the realms of Cisco training I've got. I'm new to this organisation, and the documentation for this router is pretty non-existent unfortunately.
Here is a snippet of the config, can you see anything wrong? Are there any things that would need to be re-configured if a router was reloaded (I wouldn't think so) and are there any "gotchas" with WebVPN setup I may have missed.
webvpn gateway gateway_1
ip address 192.168.0.1 port 443 (IP address adjusted for post)
http-redirect port 80
ssl trustpoint Thawte
inservice
!
webvpn install svc flash:/webvpn/svc.pkg
!
webvpn context VPN
title "OurCompany - WebVPN"
logo file logo.jpg
title-color #009933
secondary-color white
text-color black
ssl authenticate verify all
!
login-message "You must be authorised to use this service. Disconnect immediately if you are not an authorised user."
!
policy group policy_1
functions svc-enabled
svc address-pool "VPN_Pool"
etc..
Thanks.
Can you please post a full config? Make sure you sanitise any IP addresses and passwords.
ASKER
Here is the full config, I've removed all public IPs and passwords.
I'm not sure, I have a feeling perhaps SSL isn't working properly, that or could a certificate issue cause this problem?
Thanks.
--------------------------
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service sequence-numbers
!
hostname Router
!
boot-start-marker
boot-end-marker
!
logging buffered 4096 debugging
!
aaa new-model
!
!
aaa authentication login default local group radius
aaa authentication login sdm_vpn_xauth_ml_1 group radius local
aaa authentication ppp default group radius
aaa authentication dot1x default group radius
aaa authorization exec default local group radius
aaa authorization network default group radius
aaa authorization network sdm_vpn_group_ml_1 group radius
aaa authorization network sdm_vpn_group_ml_4 local
aaa accounting exec default start-stop group radius
aaa accounting network default start-stop group radius
!
aaa session-id common
!
resource policy
!
clock timezone
!
!
ip cef
!
!
ip domain name domain.net
ip name-server 10.101.1.3
!
voice-card 0
no dspfarm
!
!
crypto pki trustpoint TP-self-signed-1676
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1676
revocation-check none
rsakeypair TP-self-signed-1676
!
crypto pki trustpoint Thawte
enrollment terminal
serial-number none
fqdn vpn.company.com
ip-address none
password
subject-name O=Company, OU=MIS, CN=vpn.company.com, C=AU, ST=VIC, L=Melbourne
crl query ldap://crl.thawte.com/ThawteSererverPremiuumCA.crl
revocation-check crl
rsakeypair vpn.company.com
regenerate
!
!
crypto pki certificate chain TP-self-signed-16764
certificate self-signed 01
CRYPTO STUFF HERE
quit
crypto pki certificate chain Thawte
certificate 7CRYPTO STUFF HERE
CRYPTO STUFF HERE
quit
certificate ca 01
quit
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
crypto isakmp client configuration group VPN
key CRYPTO STUFF HERE
dns 10.101.1.4 10.101.1.3
wins 10.101.1.4
domain company.com
pool VPN_Pool
acl 121
include-local-lan
max-users 48
banner ^CBy logging on you acknowledge and agree that you are aware of and will
comply with the companys computer usage policies. Also that you are aware the company
conducts surveillance of staff computer use and that you are responsible
for all activity
in your username.
Disciplinary action for unauthorised, illegal, or fraudulent use may follow, and
could include dismissal and/or legal prosecution. You must obtain and read a copy
of the Acceptable Use Policy prior to using the system. ^C
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA2 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA3 esp-3des esp-sha-hmac
!
crypto dynamic-map SDM_DYNMAP_1 1
set transform-set ESP-3DES-SHA3
reverse-route
!
!
crypto map SDM_CMAP_1 client authentication list sdm_vpn_xauth_ml_1
crypto map SDM_CMAP_1 isakmp authorization list sdm_vpn_group_ml_4
crypto map SDM_CMAP_1 client configuration address respond
crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1
!
!
!
!
!
interface GigabitEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$$ES_LAN$$FW_INSIDE$
no ip address
ip nbar protocol-discovery
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
!
interface GigabitEthernet0/0.100
encapsulation dot1Q 100
ip address 10.100.1.1 255.255.0.0
ip nat inside
ip inspect sdm_ins_in_101 in
ip virtual-reassembly
!
interface GigabitEthernet0/0.120
description $ETH-LAN$
encapsulation dot1Q 120
ip address 10.120.1.254 255.255.0.0
ip access-group 120 in
ip nbar protocol-discovery
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly
!
interface GigabitEthernet0/0.150
description $ETH-LAN$
encapsulation dot1Q 150
ip address 10.150.1.1 255.255.0.0
ip access-group 150 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip flow egress
ip nat inside
ip inspect sdm_ins_in_101 in
ip virtual-reassembly
!
interface GigabitEthernet0/1
description $ES_WAN$$FW_OUTSIDE$$ETH-WAN$
ip address PUBLIC IP
ip access-group 2101 in
ip nbar protocol-discovery
ip flow ingress
ip flow egress
ip nat outside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
crypto map SDM_CMAP_1
!
interface FastEthernet0/0/0
switchport access vlan 200
!
interface FastEthernet0/0/1
switchport access vlan 200
!
interface FastEthernet0/0/2
!
interface FastEthernet0/0/3
!
interface Virtual-Dot11Radio1
no ip address
!
interface Virtual-PPP1
no ip address
!
interface Vlan1
no ip address
!
!
interface Virtual-TokenRing1
no ip address
ring-speed 16
!
router rip
version 2
network 10.0.0.0
!
ip local pool VPN_Pool 10.120.1.2 10.120.1.50
ip route 0.0.0.0 0.0.0.0 PUBLIC IP
ip route 10.1.0.0 255.255.0.0 10.100.1.2
ip route 10.2.0.0 255.255.0.0 10.100.1.2
ip route 10.3.0.0 255.255.0.0 10.100.1.2
ip route 172.16.0.0 255.255.0.0 10.100.1.2
ip route 192.168.0.0 255.255.0.0 10.100.1.2
!
ip flow-cache timeout active 1
ip flow-export version 5
ip flow-top-talkers
top 15
sort-by bytes
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source route-map SDM_RMAP_1 interface GigabitEthernet0/1 overload
ip nat inside source static tcp 10.101.1.7 25 PUBLIC IP 25 route-map SDM_RMAP_8 extendable
ip nat inside source static tcp 10.101.1.19 80 PUBLIC IP 80 route-map SDM_RMAP_9 extendable
ip nat inside source static tcp 10.101.1.19 443 PUBLIC IP 443 route-map SDM_RMAP_9 extendable
ip nat inside source static tcp 10.101.1.19 1494 PUBLIC IP 1494 route-map SDM_RMAP_9 extendable
ip nat inside source static tcp 10.102.1.5 22 PUBLIC IP 29 route-map SDM_RMAP_11 extendable
ip nat inside source static tcp 10.101.1.10 80 PUBLIC IP 80 route-map SDM_RMAP_4 extendable
ip nat inside source static tcp 10.101.1.10 443 PUBLIC IP 443 route-map SDM_RMAP_5 extendable
ip nat inside source static tcp 10.101.1.7 80 PUBLIC IP 80 route-map SDM_RMAP_10 extendable
ip nat inside source static tcp 10.101.1.7 443 PUBLIC IP9 443 route-map SDM_RMAP_7 extendable
ip nat inside source static tcp 10.101.1.108 23 PUBLIC IP 23 route-map SDM_RMAP_13 extendable
ip nat inside source static tcp 10.101.1.3 80 PUBLIC IP 80 route-map SDM_RMAP_3 extendable
ip nat inside source static tcp 10.101.1.3 443 PUBLIC IP 443 route-map SDM_RMAP_6 extendable
!
!
!
!
route-map SDM_RMAP_11 permit 1
match ip address 132
!
route-map SDM_RMAP_10 permit 1
match ip address 131
!
route-map SDM_RMAP_13 permit 1
match ip address 134
!
route-map SDM_RMAP_4 permit 1
match ip address 125
!
route-map SDM_RMAP_5 permit 1
match ip address 126
!
route-map SDM_RMAP_6 permit 1
match ip address 127
!
route-map SDM_RMAP_7 permit 1
match ip address 128
!
route-map SDM_RMAP_1 permit 1
match ip address 122
!
route-map SDM_RMAP_3 permit 1
match ip address 124
!
route-map SDM_RMAP_8 permit 1
match ip address 129
!
route-map SDM_RMAP_9 permit 1
match ip address 130
!
!
!
radius-server host IP ADDRESS auth-port 1645 acct-port 1646
radius-server key 7 KEYHERE
!
control-plane
!
!
!
!
!
!
!
!
!
!
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
exec-timeout 60 0
line aux 0
password 7 PASSWORD
modem InOut
modem autoconfigure type mica
transport input all
speed 38400
flowcontrol hardware
line vty 0 4
exec-timeout 60 0
privilege level 15
transport input telnet ssh
line vty 5 15
privilege level 15
transport input telnet ssh
!
scheduler allocate 20000 1000
ntp clock-period 17180116
ntp server PUBLIC IP source GigabitEthernet0/1
!
webvpn gateway gateway_1
ip address PUBLIC IP port 443
http-redirect port 80
ssl trustpoint Thawte
inservice
!
webvpn install svc flash:/webvpn/svc.pkg
!
webvpn context VPN
title "Company - WebVPN"
logo file logo.jpg
title-color #009933
secondary-color white
text-color black
ssl authenticate verify all
!
login-message "You must be authorised to use this service. Disconnect immediately if you are not an authorised user."
!
policy group policy_1
functions svc-enabled
svc address-pool "VPN_Pool"
svc default-domain "domain.com"
svc split include 10.100.0.0 255.255.0.0
svc split include 10.101.0.0 255.255.0.0
svc split include 10.102.0.0 255.255.0.0
svc split include 10.103.0.0 255.255.0.0
svc split include 10.104.0.0 255.255.0.0
svc split include 10.105.0.0 255.255.0.0
svc split include 10.106.0.0 255.255.0.0
svc split include 10.107.0.0 255.255.0.0
svc split include 10.108.0.0 255.255.0.0
svc split include 10.109.0.0 255.255.0.0
svc split include 10.110.0.0 255.255.0.0
svc split include 10.111.0.0 255.255.0.0
svc split include 10.112.0.0 255.255.0.0
svc split include 10.113.0.0 255.255.0.0
svc split include 10.114.0.0 255.255.0.0
svc split include 10.115.0.0 255.255.0.0
svc split include 10.116.0.0 255.255.0.0
svc split include 10.117.0.0 255.255.0.0
svc split include 10.118.0.0 255.255.0.0
svc split include 10.140.0.0 255.255.0.0
svc split include 10.148.0.0 255.255.0.0
svc split include 10.149.0.0 255.255.0.0
svc split include 10.150.0.0 255.255.0.0
svc split include 10.147.0.0 255.255.0.0
svc split include 10.119.0.0 255.255.0.0
svc split include 10.146.0.0 255.255.0.0
svc split include 172.16.0.0 255.255.0.0
svc split include 192.168.0.0 255.255.0.0
svc split include 10.1.1.0 255.255.255.0
svc dns-server primary 10.101.1.3
svc dns-server secondary 10.101.1.4
svc wins-server primary 10.101.1.3
default-group-policy policy_1
aaa authentication list sdm_vpn_xauth_ml_1
aaa accounting list radius
gateway gateway_1 domain vpn
inservice
!
!
end
Router#