Network Address Translation (NAT) configuration is sometimes used to forward TCP port 443 traffic destined to the WAN interface of a router through an internal webserver.
There are two methods of implementing Cisco IOS SSL VPN on a preexisting NAT configuration. The Cisco-recommended method is to use the WebVPN gateway IP address as the secondary address on the WAN interface. This method helps improve the WebVPN throughput performance. The following is a sample configuration of the recommended method on Cisco IOS SSL VPN:

interface GigabitEthernet 0/0
 ip address 10.1.1.1 255.255.255.0
 ip address 10.1.1.2 255.255.255.0 secondary
!
webvpn gateway ssl_vpn
 ip address 10.1.1.2 port 443

In the second method, the WebVPN gateway uses a private IP address configured on a loopback interface and performs a NAT operation to convert the private IP address to a publicly routable address. The following configuration is not supported on Cisco IOS SSL VPN because this configuration causes packets to become process-switched instead of being Cisco Express Forwarding-switched:

interface Loopback 10
 ip address 192.0.2.1 255.255.255.0
!
interface GigabitEthernet 0/0
 description WAN interface
 ip address 10.1.1.1 255.0.0.0
!
ip nat inside source static 192.0.2.1 10.1.1.2
!
webvpn gateway ssl_vpn
 ip address 192.0.2.1 port 443
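
One way to check a saved configuration for the unsupported second method is to flag any WebVPN gateway whose address is the inside-local side of a static NAT rule. This is an added example, not Cisco's code: the function names parse_ios and audit are hypothetical, and the two sample inputs are the configurations shown on this page.

```python
import re

# Added example: parse_ios/audit are illustrative names; both configs are the ones on this page.
RECOMMENDED = """\
interface GigabitEthernet 0/0
 ip address 10.1.1.1 255.255.255.0
 ip address 10.1.1.2 255.255.255.0 secondary
!
webvpn gateway ssl_vpn
 ip address 10.1.1.2 port 443
"""
UNSUPPORTED = """\
interface Loopback 10
 ip address 192.0.2.1 255.255.255.0
!
interface GigabitEthernet 0/0
 description WAN interface
 ip address 10.1.1.1 255.0.0.0
!
ip nat inside source static 192.0.2.1 10.1.1.2
!
webvpn gateway ssl_vpn
 ip address 192.0.2.1 port 443
"""

def parse_ios(config):
    """Return (ip -> interface, static NAT inside-local IPs, gateway -> ip)."""
    iface_ips, nat_locals, gateways, section = {}, set(), {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        if m := re.match(r"interface\s+(.+)", line):
            section = ("iface", m.group(1))
        elif m := re.match(r"webvpn gateway\s+(\S+)", line):
            section = ("gw", m.group(1))
        elif m := re.match(r"ip nat inside source static\s+(?:(?:tcp|udp)\s+)?(\S+)", line):
            nat_locals.add(m.group(1))  # first address is the inside-local one
        elif (m := re.match(r"ip address\s+(\d+(?:\.\d+){3})", line)) and section:
            if section[0] == "iface":
                iface_ips[m.group(1)] = section[1]
            else:
                gateways[section[1]] = m.group(1)
        elif line == "!":  # "!" closes the current interface or gateway section
            section = None
    return iface_ips, nat_locals, gateways

def audit(config):
    """List (gateway, address, owning interface) for gateways behind static NAT."""
    iface_ips, nat_locals, gateways = parse_ios(config)
    return [(gw, ip, iface_ips.get(ip, "unknown"))
            for gw, ip in gateways.items() if ip in nat_locals]
```

An empty list from audit() means no gateway address is NAT-translated; each returned tuple names a gateway to move to a secondary address on the WAN interface, as in the recommended method.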