Manualshelf

Specifications

ManualsBrandsCisco ManualsComputer equipment815-VPN/K9 - 815 Integrated Services Router
61626364656667686970
BETA DRAFT REVIEW—CISCO CONFIDENTIAL
Configuring Security Features
Configuring SSL VPN
2
Cisco 3900 Series, 2900 Series, and 1900 Series Integrated Services Routers Software Configuration Guide
Configuring SSL VPN
The Secure Socket Layer Virtual Private Network (SSL VPN) feature (also known as WebVPN) provides
support, in Cisco IOS software, for remote user access to enterprise networks from anywhere on the
Internet. Remote access is provided through a SSL–enabled SSL VPN gateway. The SSL VPN gateway
allows remote users to establish a secure VPN tunnel using a web browser. This feature provides a
comprehensive solution that allows easy access to a broad range of web resources and web-enabled
applications using native HTTP over SSL (HTTPS) browser support. SSL VPN delivers three modes of
SSL VPN access: clientless, thin-client, and full-tunnel client support.
For additional information about configuring SSL VPN, see the “SSL VPN” section of Cisco IOS
Security Configuration Guide: Secure Connectivity, Release 12.4T at:
http://www.cisco.com/en/US/docs/ios/sec_secure_connectivity/configuration/guide/12_4t/
sec_secure_connectivity_12_4t_book.html.
Authentication, Authorization, and Accounting
Authentication, Authorization, and Accounting (AAA) network security services provide the primary
framework through which you set up access control on your router. Authentication provides the method
of identifying users, including login and password dialog, challenge and response, messaging support,
and, depending on the security protocol you choose, encryption. Authorization provides the method for
remote access control, including one-time authorization or authorization for each service, per-user
account list and profile, user group support, and support of IP, Internetwork Packet Exchange (IPX),
AppleTalk Remote Access (ARA), and Telnet. Accounting provides the method for collecting and
sending security server information used for billing, auditing, and reporting, such as user identities, start
and stop times, executed commands (such as PPP), number of packets, and number of bytes.
AAA uses protocols such as Remote Authentication Dial-In User Service (RADIUS), Terminal Access
Controller Access Control System Plus (TACACS+), or Kerberos to administer its security functions. If
your router is acting as a network access server, AAA is the means through which you establish
communication between your network access server and your RADIUS, TACACS+, or Kerberos security
server.
For information about configuring AAA services and supported security protocols, authentication
authorization, accounting, RADIUS, TACACS+, or Kerberos, see the following sections of Cisco IOS
Security Configuration Guide: Securing User Services, Release 12.4T at:
http://www.cisco.com/en/US/docs/ios/sec_user_services/configuration/guide/
12_4T/sec_securing_user_services_12.4t_book.html:
Configuring Authentication
Configuring Authorization
Configuring Accounting
Configuring RADIUS
Configuring TACACS+
Configuring Kerberos