C H A P T E R 2 Commands for the Catalyst 6500 Series Switch WebVPN Module This chapter contains an alphabetical listing of commands for the Catalyst 6500 series WebVPN Module.
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module clear webvpn nbns clear webvpn nbns To reset the NetBIOS name service (NBNS) cache on the WebVPN Services Module, use the clear webvpn nbns command. clear webvpn nbns [context {name | all}] Syntax Description context (Optional) Clears the statistics for a specific context. name Specifies the name of the context. all Specifies all contexts. Defaults This command has no default settings.
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module clear webvpn platform clear webvpn platform To reset the platform extenstions on the WebVPN Services Module, use the clear webvpn platform command. clear webvpn platform {conn | session | stats [type] | tunnel stats} Syntax Description conn Clears global connection. session Clears session information. stats Clears statistics information. type (Optional) See the “Usage Guidelines” for available options.
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module clear webvpn platform • pki [pki_type]—Clears PKI statistics information. The available options for the pki_type variable are as follows: – auth—Certificate authentication and authorization statistics. – cache—Peer certificate cache statistics. – cert-header—Certificate header insertion statistics. – expiring—Certificate expiration warning statistics. – ipc—Interprocessor communication statistics. – memory—Memory usage statistics.
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module clear webvpn session clear webvpn session To clear the WebVPN session, use the clear webvpn session command. clear webvpn session {context {name | all} | user name {context {name | all}}} Syntax Description context Clears the statistics for a specific context. name Specifies the name of the context. all Specifies all contexts. user name Specifies the user name. Defaults This command has no default settings.
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module clear webvpn stats clear webvpn stats To reset the statistics counters that are maintained in the different system components on the WebVPN Services Module, use the clear webvpn stats command.
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module crypto key export rsa pem crypto key export rsa pem To export a PEM-formatted RSA key to the WebVPN Services Module, use the crypto key export rsa pem command. crypto key export rsa keylabel pem {terminal | url url} {{3des | des} pass_phrase} Syntax Description keylabel Name of the key. terminal Displays the request on the terminal. url url Specifies the URL location.
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module crypto key export rsa pem Examples This example shows how to export a key from the WebVPN Services Module: wwbvpn(config)# crypto key export rsa test-keys pem url scp: 3des password % Key name:test-keys Usage:General Purpose Key Exporting public key... Address or name of remote host []? 7.0.0.7 Destination username [ssl-proxy]? lab Destination filename [test-keys.pub]? Password: Writing test-keys.pub Writing file to scp://lab@7.0.0.
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module crypto key generate crypto key generate To generate RSA key pairs, use the crypto key generate command. crypto key generate rsa {usage-keys|general-keys} {label key-label} [exportable] [modulus size] Syntax Description general-keys Generate a general purpose RSA key pair for signing and encryption usage-keys Generate seperate RSA key pairs for signing and encryption label key-label Specifies the key.
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module crypto key generate Examples This example shows how to generate special-usage RSA keys: crypto key generate rsa usage-keys The name for the keys will be: myrouter.example.com Choose the size of the key modulus in the range of 360 to 2048 for your Signature Keys. Choosing a key modulus greater than 512 may take a few minutes. How many bits in the modulus[512]? Generating RSA keys.... [OK].
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module crypto key import rsa pem crypto key import rsa pem To import a PEM-formatted RSA key from an external system, use the crypto key import rsa pem command. crypto key import rsa keylabel pem [usage-keys] {terminal | url url} [exportable] passphrase} Syntax Description keylabel Name of the key. usage-keys (Optional) Specifies that two special-usage key pairs should be generated, instead of one general-purpose key pair.
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module crypto key import rsa pem Usage Guidelines The pass phrase can be any phrase including spaces and punctuation except for a question mark (?), which has special meaning to the Cisco IOS parser. Pass-phrase protection associates a pass phrase with the key. The pass phrase is used to encrypt the key when it is exported. When this key is imported, you must enter the same pass phrase to decrypt it.
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module crypto pki authenticate crypto pki authenticate To obtain the certificate that contains the public key of the certificate authority, use the crypto pki authenticate command. crypto pki authenticate trustpoint-label Syntax Description trustpoint-label Defaults This command has no default settings. Command Modes Global configuration Command History Release Modification WebVPN Module Release 1.
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module crypto pki certificate crypto pki certificate To configure and define the PKI implementation on the WebVPN Services Module, use the crypto pki certificate command. crypto pki certificate {chain name | map map_name | query | validate trustpoint-label} Syntax Description chain Identifies certificates. name CA server name. map Defines certificate attributes map. map_name CA map tag name.
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module crypto pki crl request crypto pki crl request To configure and define the PKI implementation on the WebVPN Services Module, use the crypto pki crl request command. crypto pki crl request name Syntax Description name Defaults This command has no default settings. Command Modes Global configuration Command History Release Modification WebVPN Module Release 1.
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module crypto pki enroll crypto pki enroll To request a certificate for the trustpoint, use the crypto pki enroll command. crypto pki enroll trustpoint-label Syntax Description trustpoint-label Defaults This command has no default settings. Command Modes Global configuration Command History Release Modification WebVPN Module Release 1.1 Support for this command was introduced on the Catalyst 6500 series switches.
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module crypto pki export pem crypto pki export pem To export privacy-enhanced mail (PEM) files from the WebVPN Services Module, use the crypto pki export pem command. crypto pki export trustpoint_label pem {terminal {des | 3des} {url url}} pass_phrase Syntax Description trustpoint-label Name of the trustpoint. terminal Displays the request on the terminal. des Specifies the 56-bit DES-CBC encryption algorithm.
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module crypto pki export pem You can change the default file extensions when prompted. The default file extensions are as follows: Examples • public key (.pub) • private key (.prv) • certificate (.crt) • CA certificate (.ca) • signature key (-sign) • encryption key (-encr) This example shows how to export a PEM-formatted file on the WebVPN Services Module: wwbvpn(config)# crypto pki export TP5 pem url tftp://10.1.1.
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module crypto pki export pkcs12 crypto pki export pkcs12 To export a PKCS12 file from the WebVPN Services Module, use the crypto pki export pkcs12 command. crypto pki export trustpoint_label pkcs12 file_system [pkcs12_filename] pass_phrase Syntax Description trustpoint_label Specifies the trustpoint label. file_system Specifies the file system. Valid values for file_system are as follows archive:—Exports to archive: file system.
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module crypto pki export pkcs12 If you do not specify the pkcs12_filename value, you will be prompted to accept the default filename (the default filename is the trustpoint_label value) or enter the filename. For the ftp: or tftp: value, include the full path in the pkcs12_filename value. You will receive an error if you enter the pass phrase incorrectly.
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module crypto pki import pem crypto pki import pem To import a PEM-formatted file to the WebVPN Services Module, use the crypto pki import pem command. crypto pki import trustpoint_label pem [exportable] {terminal | url url | usage-keys} pass_phrase Syntax Description trustpoint-label Name of the trustpoint. exportable (Optional) Specifies the key that can be exported. terminal Displays the request on the terminal.
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module crypto pki import pem Usage Guidelines You will receive an error if you enter the pass phrase incorrectly.The pass phrase can be any phrase including spaces and punctuation except for the question mark (?), which has special meaning to the Cisco IOS parser. Pass-phrase protection associates a pass phrase with the key. The pass phrase is used to encrypt the key when it is exported.
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module crypto pki import pkcs12 crypto pki import pkcs12 To import a PKCS12 file to the WebVPN Services Module, use the crypto ca import pkcs12 command. crypto pki import trustpoint_label pkcs12 file_system [pkcs12_filename] pass_phrase Syntax Description trustpoint_label Specifies the trustpoint label. file_system Specifies the file system. Valid values for file_system are as follows: archive:—Exports to archive: file system.
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module crypto pki import pkcs12 You will receive an error if you enter the pass phrase incorrectly. If there is more than one level of CA, the root CA and all the subordinate CA certificates are exported in the PKCS12 file. Examples This example shows how to import a PKCS12 file using SCP: wwbvpn(config)# Address or name Source username Source filename crypto ca import TP2 pkcs12 scp: sky is blue of remote host []? 10.1.1.
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module crypto pki profile enrollment crypto pki profile enrollment To define an enrollment profile, use the crypto pki profile enrollment command in global configuration mode. To delete all information associated with this enrollment profile, use the no form of this command. crypto pki profile enrollment label Syntax Description label Defaults This command has no default settings.
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module crypto pki trustpoint crypto pki trustpoint To enter the configuration submode for the certificate-authority trustpoint and define the certificate-authority trustpoint, use the crypto pki trustpoint command. Use the no form of this command to remove any commands that you have entered in the WebVPN subcommand mode from the configuration.
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module crypto pki trustpoint Table 2-1 Certificate-Authority Trustpoint Submode Commands Command Purpose and Guidelines authorization {list listname | username {subjectname subjectname}} Authorization parameters. Defaults list listname—Specifies the AAA authorization list. username subjectname subjectname—Sets parameters for the different certificate fields that are used to build the AAA username.
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module crypto pki trustpoint Table 2-1 Certificate-Authority Trustpoint Submode Commands (continued) Command Purpose and Guidelines Defaults enrollment [http-proxy][mode ra] [retry {period minutes | count count} ] url url Specifies the enrollment parameters for your certificate authority as follows: period minutes—1 • http-proxy—HTTP proxy server for enrollment. • mode ra—Registration authority mode.
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module crypto pki trustpoint Table 2-1 Certificate-Authority Trustpoint Submode Commands (continued) Command Purpose and Guidelines Defaults match certificate map_name [map | override | Associates a certificate-based access control list skip] (ACL) defined with the crypto pki certificate map command. map_name—Matches the map_name argument specified in a previously defined crypto pki certificate map map_name command.
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module crypto pki trustpoint Table 2-1 Certificate-Authority Trustpoint Submode Commands (continued) Command Purpose and Guidelines subject-name line (Optional) Configures the host name of the WebVPN gateway. usage {ike | ssl-client | ssl-server} (Optional) Specifies the intended use for the certificate. vrf vrf Name of the VPN routing and forwarding instance (VRF) to use for enrollment and obtaining CRLs.
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module debug webvpn debug webvpn To turn on the debug flags in different system components, use the debug webvpn command. Use the no form of this command to turn off the debug flags. debug webvpn [aaa | cifs | cookie | dns | emweb | http | package | platform [type] | port-forward | sock | timer | trie | tunnel | webservice] Syntax Description aaa Enables WebVPN AAA debugs. cifs Enables WebVPN CIFS. cookie Enables WebVPN cookie debugs.
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module debug webvpn Usage Guidelines Note For the following options, module module has the following values: • fdu—FDU CPU • ssl1—SSL1 CPU • tcp1—TCP1 CPU • tcp2—TCP2 CPU The platform type has the following options: The platform app includes the following values: – app [module [module]]—App Record Layer – hdr [module [module]]—App HTTP Header Insertion – module [module]—Module to be debugged – url [module [module]]—App URL Rewrite Th
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module debug webvpn The platform pc includes the following values: – module [module]—Module to be debugged The platform pki includes the following values: – auth—Certificate authentication and authorization – ca-pool—CA Pool – cert—Certificate management – events—Events – history—Certificate history – ipc—IPC messages and buffers – key—Key management The platform remote includes the following values: – loop count [module [module]]—Remote debu
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module debug webvpn Examples This example shows how to turn on tunnel debugging: webvpn# debug webvpn tunnel webvpn# This example shows how to turn on App debugging: webvpn# debug webvpn platform app webvpn# This example shows how to turn on FDU debugging: webvpn# debug webvpn platform fdu webvpn# This example shows how to turn on IPC debugging: webvpn# debug webvpn platform ipc webvpn# This example shows how to turn on PKI debugging: web
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module do do To execute EXEC-level commands from global configuration mode or other configuration modes or submodes, use the do command. do command Syntax Description command Defaults This command has no default settings. Command Modes Global configuration or any other configuration mode or submode from which you are executing the EXEC-level command. Command History Release Modification WebVPN Module Release 1.
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module nbns-list nbns-list To enter the nbnslist submode and configure NetBIOS Name Service (NBNS) servers, use the nbns-list command. Use the no form of this command to remove the specified list from the configuration. nbns-list name no nbns-list name Syntax Description name Defaults This command has no default settings. Command Modes WebVPN context submode Command History Release Modification WebVPN Module Release 1.
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module nbns-list Table 2-2 NBNSlist Submode Commands Command Purpose and Guidelines Defaults nbns-server ip_addr Specifies a NetBIOS name service (NBNS) list and server address for [master] [timeout common Internet file system (CIFS) name resolution. You can configure timeout][retry retries] up to three servers. Note Timeout is 2 seconds. Retries is 2 retries. Supported only on Windows 2000 and Samba servers running on Linux.
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module policy group policy group To define a group-policy template, associate a group-policy with a particular proxy server, and enter the group-policy submode, use the webvpn policy group command from context subcommand mode. Use the no form of this command to remove any commands that you have entered in the WebVPN subcommand mode from the configuration.
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module policy group Table 2-3 Group-policy Commands Command Purpose and Guidelines Defaults All values are disabled. functions {file-access | Specifies the file function as follows: file-browse | Note You must enable file-access before you can enable file-entry| file-browse or file-entry. svc-enabled| svc-required} • file-access—Allows you to access the file servers that are listed on the home page.
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module policy group Examples This example show how to configure the WebVPN context and the WebVPN group-policy: webvpn(config)# webvpn context cisco webvpn(config-webvpn-context)# policy group cisco_tunl webvpn(config-webvpn-group)# function svc-enabled webvpn(config-webvpn-group)# timeout idle 36000 webvpn(config-webvpn-group)# timeout session 144000 webvpn(config-webvpn-group)# svc address-pool "cisco_tunl_pool" webvpn(config-webvpn-group)#
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module port-forward port-forward To enter the port-forwarding submode and configure port-forwarding entries, use the port-forward command. Use the no form of this command to remove the given list from the configuration. port-forward listname no port-forward listname Syntax Description listname Defaults This command has no default settings.
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module port-forward Table 2-4 Port-Forwarding Submode Commands (continued) Command Purpose and Guidelines local localport Specifies the local port that is listened upon; a localport value may be used only once within a given listname. Valid values are from 1 to 65535.
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module show webvpn context show webvpn context To display information about a specific context, use the show webvpn context command. show webvpn context name Syntax Description name Defaults This command has no default settings. Command Modes EXEC Command History Release Modification WebVPN Module Release 1.1 Support for this command was introduced on the Catalyst 6500 series switches. Examples Specifies the name of the context.
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module show webvpn dispatch show webvpn dispatch To display WebVPN dispatching information, use the show webvpn dispatch command. show webvpn dispatch {algorithm | member | stats} Syntax Description algorithm Displays the current content load balancing (CLB) algorithm. member Displays CLB member table infomation. stats Displays the dispatching statistics. Defaults This command has no default settings.
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module show webvpn dispatch This example shows how to display CLB member table infomation: webvpn# show webvpn dispatch member SSLVPN: CLB Member Table (Current RR Index 1): Member-Index Core-ID Symbolic-ID Weight ------------ ------- ----------- -----0 1 SwCidIos 5 1 7 SwCidVpn1 6 Quota ----3 2 webvpn# Catalyst 6500 Series Switch WebVPN Module Command Reference—Release 1.
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module show webvpn gateway show webvpn gateway To display gateway information, use the show webvpn gateway command. show webvpn gateway [name] Syntax Description name Defaults This command has no default settings. Command Modes EXEC Command History Release Modification WebVPN Module Release 1.1 Support for this command was introduced on the Catalyst 6500 series switches. Examples (Optional) Name of the gateway.
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module show webvpn install show webvpn install To display information on installed WebVPN files and packages, use the show webvpn install command. show webvpn install {file filename | package {csd | svc}| status {csd | svc}} Syntax Description file Displays the contents of the file. filename Name of the file. package Displays the contents of the package. csd Specifies the Cisco Secure Desktop (CDP).
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module show webvpn install File: File: File: File: Total \webvpn\stc\1\images\title.gif, size: 2739 \webvpn\stc\1\index.html, size: 4725 \webvpn\stc\2\index.html, size: 325 \webvpn\stc\version.txt, size: 63 files: 18 This example shows how to display the contents of a specific file: webvpn# show web install file \webvpn\stc\version.txt SSLVPN File \webvpn\stc\version.txt installed: CISCO STC win2k+ 1.0.0 1,1,1 Tue 04/08/2005 15:31:20.
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module show webvpn nbns show webvpn nbns To display information on WebVPN NBNS cache, use the show webvpn nbns command. show webvpn nbns context {name | all} Syntax Description name Name of the context. all Displays information for all contexts. Defaults This command has no default settings. Command Modes EXEC Command History Release Modification WebVPN Module Release 1.
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module show webvpn platform buffers show webvpn platform buffers To display information about TCP buffer usage, use the show webvpn platform buffers command. show webvpn-platform buffers [module module] Syntax Description module module (Optional) Valid values for module are as follows: all—all CPUs fdu—FDU CPU ssl1—SSL1 CPU tcp1—TCP1 CPU Defaults This command has no default settings.
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module show webvpn platform context show webvpn platform context To display information on WebVPN context, use the show webvpn platform context command. show webvpn platform context name [module module] Syntax Description name Name of the context. module module Valid values for module are as follows: all—all CPUs fdu—FDU CPU ssl1—SSL1 CPU tcp1—TCP1 CPU tcp2—TCP2 CPU Defaults This command has no default settings.
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module show webvpn platform context Connection Rx Buffer Size : 32768 Connection Tx Buffer Size : 65536 TOS Carryover Disabled Service entry in cpu 1: Cipher suites: 0xF Versions: 0x3 Options: 0x6 Current Certificate Index: 0x0 0x0 0x0 0x0 0x0 0x0 0x0 Certificate Index at 0 location: 0x0 0x0 0x0 0x0 0x0 0x0 0x0 Certificate Index at 1 location: 0x0 0x0 0x0 0x0 0x0 0x0 0x0 Flags: 0x202 Handshake timeout: 0 secs Session timeout: 0 secs Session ca
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module show webvpn platform crash-info show webvpn platform crash-info To collect information about the software-forced reset from the WebVPN Services Module, use the show webvpn platform crash-info command. show webvpn platform crash-info [brief | details] Syntax Description brief (Optional) Collects a small subset of software-forced reset information, limited to processor registers.
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module show webvpn platform crash-info s4 : 00BA0000, s5 : 00BA0000, s6 : 01050000, s7 : 01050000 t8 : 0D0D0D0D, t9 : 00000000, k0 : 00400001, k1 : 00000000 gp : 00FC65E0, sp : 028E16D0, s8 : 00000000, ra : 00374160 LO : F88923EA, HI : DA46BB94, BADVADDR : B60ED79D EPC : 00374110, ErrorEPC : BFC00C70, SREG : 3400FD03 Cause 00004000 (Code 0x0): Interrupt exception CACHE ERROR registers ------------------- CacheErrI: 00000000, CacheErrD: 00000
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module show webvpn platform crash-info LO : 00000000, HI : 0000004E, BADVADDR : 12630E54 EPC : 0020A994, ErrorEPC : F7EF23EA, SREG : 34007E03 Cause 00008014 (Code 0x5): Address Error (store) exception CACHE ERROR registers ------------------- CacheErrI: 00000000, CacheErrD: 00000000 ErrCtl: 00000000, CacheErrDPA: 0000000000000000 ++++++++++ CORE 1 (SSL Processor #1) ++++++++++++++++++++++++ HW_CID: 3 APPLICATION VERSION: 2005.03.
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module show webvpn platform gateway show webvpn platform gateway To display gateway information WebVPN, use the show webvpn platform gateway command. show webvpn platform gateway name [debug | module module] Syntax Description name Name of the gateway. debug (Optional) Displays debug information for the gateway.
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module show webvpn platform gateway This example shows how to display debug information for a specific gateway: webvpn# show webvpn platform gateway s1 debug IP: 10.1.2.
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module show webvpn platform mac address show webvpn platform mac address To display the current MAC address, use the show webvpn platform mac address command. show webvpn platform mac address Syntax Description This command has no arguments or keywords. Defaults This command has no default settings. Command Modes EXEC Command History Release Modification WebVPN Module Release 1.
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module show webvpn platform policy show webvpn platform policy To display the SSL or TCP policy information, use the show webvpn platform policy command. show webvpn platform policy {ssl | tcp} name Syntax Description ssl Specifies the SSL policy. tcp Specifies the TCP policy. name Name of the SSL or TCP policy. Defaults This command has no default settings.
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module show webvpn platform version show webvpn platform version To display the current image version, use the show webvpn platform version command. show webvpn platform version Syntax Description This command has no arguments or keywords. Defaults This command has no default settings. Command Modes EXEC Command History Release Modification WebVPN Module Release 1.
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module show webvpn platform vlan show webvpn platform vlan To display VLAN information, use the show webvpn platform vlan command. show webvpn platform vlan [vlan-id ] Syntax Description vlan-id Defaults This command has no default settings. Command Modes EXEC Command History Release Modification WebVPN Services Module Release 1.1 Support for this command was introduced on the Catalyst 6500 series switches.
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module show webvpn policy show webvpn policy To display the configured WebVPN policies, use the show webvpn policy command. show webvpn policy {group name context name | tcp [name] | ssl [name]} Syntax Description group name context name Displays the group policies for the specified context. tcp Displays the configured TCP policies. ssl Displays the configured SSL policies. name (Optional) Policy name.
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module show webvpn session show webvpn session To display information about the WebVPN session, use the show webvpn session command. show webvpn session {context {name | all} | user name context {name | all}} Syntax Description context name Specifies the context name. user name Specifies the user name. Defaults This command has no default settings. Command Modes EXEC Command History Release Modification WebVPN Module Release 1.
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module show webvpn stats show webvpn stats To display information about the statistics counter, use the show webvpn stats command. show webvpn stats [type] Syntax Description type Defaults This command has no default settings. Command Modes EXEC Command History Release Modification WebVPN Services Module Release 1.1 Support for this command was introduced on the Catalyst 6500 series switches.
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module show webvpn stats Mangling statistics: Relative urls : Non-http(s) absolute urls: Interesting tags : Interesting attributes : Embedded script statement: Inline scripts : HTML comments : HTTP/1.1 requests : GET requests : CONNECT requests : Through requests : Pipelined requests : Processed req hdr bytes : HTTP/1.
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module show webvpn stats Socket statistics: Sockets in use : 2 Sock Data Buffers in use : 0 Select timers in use : 2 Sock Tx Blocked : 49 Sock Rx Blocked : 0 Sock UDP Connects : 0 Sock Premature Close : 0 Port Forward statistics: Client in pkts in bytes out pkts out bytes Tunnel Statistics: Active connections Peak connections Connect succeed Reconnect succeed DPD timeout Client in CSTP frames in CSTP data in CSTP control in CSTP bytes out CSTP
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module show webvpn stats • Mangling statistics: – Close after response—Number of connections that were closed after sending responses because of lack of content length. • CIFS statistics: – SMB-related counters per context: TCP/UDP VC's—Back-end TCP/UDP connections established successfully so far. Active VC's—Currently active TCP/UDP connections. Active Contexts—Currently active SMB contexts.
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module show webvpn stats Authentication fails—CIFS HTTP requests processed without a WebVPN cookie or an expired WebVPN cookie. Operations Aborted—Back-end operations that were aborted because the HTTP connection was lost. Indicates that CIFS transactions are not completing successfully. Pending Close—Number of times close is pending, waiting for Tx to unblock and finish sending pending data.
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module show webvpn stats File Read Ops File Write Ops Folder Create Ops File Delete Ops File Rename Ops : : : : : 0 0 0 0 0 File Read Fails File Write Fails Folder Create Fails File Delete Fails File Rename Fails : : : : : 0 0 0 0 0 : : : : : : 0 5d16h 5 0 0 0 webvpn# This example shows how to display the statistics for a specific context: webvpn# show web stats context WebVPN context name : tunnel User session statistics: Active user
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module show webvpn stats Sock UDP Connects Sock Premature Close Port Forward statistics: Client in pkts in bytes out pkts out bytes Tunnel Statistics: Active connections Peak connections Connect succeed Reconnect succeed DPD timeout Client in CSTP frames in CSTP data in CSTP control in CSTP bytes out CSTP frames out CSTP data out CSTP control out CSTP bytes : 0 : 0 : : : : 0 0 0 0 : : : : : 0 1 6 1 0 : : : : : : : : 23098 23093 5 495683
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module snmp-server enable snmp-server enable To configure the SNMP traps and informs, use the snmp-server enable command. Use the no form of this command to disable SNMP traps and informs. [no] snmp-server enable {informs | traps {ipsec | isakmp | snmp | tty}} Syntax Description informs Enables SNMP informs. traps Enables SNMP traps. ipsec Enables IPSec traps. See the “Usage Guidelines” section for additional options.
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module snmp-server enable Examples This example shows how to enable SNMP informs: wwbvpn(config)# snmp-server enable informs wwbvpn(config)# This example shows how to enable traps: wwbvpn(config)# snmp-server enable traps wwbvpn(config)# This example shows how to enable authentication traps: wwbvpn(config)# snmp-server enable traps snmp authnetication wwbvpn(config)# Catalyst 6500 Series Switch WebVPN Module Command Reference—Release 1.
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module svc svc To configure the tunnel capabilities for a group-policy context, use the svc command. Use the no form of this command to remove any of the svc commands that you have entered. svc command Syntax Description command Defaults See Table 2-5 for the default settings. Command Modes WebVPN group context submode Command History Release Modification WebVPN Module Release 1.
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module svc Table 2-5 Tunnel-Mode Configuration Commands (continued) Command Purpose and Guidelines Default dpd-interval {client timeout} | {gateway timeout} Specifies the dead peer detection (DPD) timeout values for Disabled for the the gateway or the client, if tunnel-mode WebVPN is gateway and the enabled for the user or group. The DPD timer is used to client. determine if a DPD packet needs to be sent to the peer.
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module svc Table 2-5 Tunnel-Mode Configuration Commands (continued) Command Purpose and Guidelines Default rekey method {new-tunnel | ssl} Specifies the rekey method. Entering the no form of this command disables rekeying. If rekeying is enabled, the default method is ssl. no rekey method rekey {time interval} no rekey time • new-tunnel—Terminates the existing tunnel and requests a new tunnel. • ssl—Initiates an SSL rehandshake.
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module url-list url-list To enter the URL submode to configure the URL lists, use the url-list command. Use the no form of this command to remove the given list from the configuration. url-list listname no url-list listname Syntax Description listname Defaults This command has no default settings. Command Modes WebVPN context submode Command History Release Modification WebVPN Module Release 1.
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module url-list You can specify multiple URLs for a given list name. This example shows how to configure the URL list: webvpn(config-webvpn-context)# url-list cisco webvpn(config-webvpn-url)# url-text cisco url-value http://cisco.com webvpn(config-webvpn-url)# url-text CNN url-value http://cnn.com webvpn(config-webvpn-url)# url-text yahoo url-value http://yahoo.com webvpn(config-webvpn-url)# url-text payroll url-value http://10.1.2.
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module webvpn context webvpn context To enter the WebVPN context submode and define the virtual WebVPN context, use the webvpn context command. Use the no form of this command to remove any commands that you have entered in the WebVPN subcommand mode from the configuration. webvpn context [vpn-name] no webvpn context vpn-name Syntax Description vpn-name Defaults This command has no default settings.
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module webvpn context Table 2-7 Virtual WebVPN Context Submode Commands Command Purpose and Guidelines Defaults gateway gateway-name {{domain-name domain-name} | {virtual-host hostname}} Specifies the corresponding virtual gateway instance configured on the secure gateway and the mapping methods (for example, IP address, URL, and domain name) as follows: Virtualization is performed through a unique IP address.
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module webvpn context Table 2-7 Virtual WebVPN Context Submode Commands Command Purpose and Guidelines policy group policy-name Enters the group submode and allows you to configure group policy settings. See the policy group command for information on configuring the group policy. policy ssl policy-name Specifies the SSL policy that the SSL protocol uses. policy tcp policy-name Specifies the TCP policy that the TCP protocol uses.
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module webvpn context Table 2-7 Virtual WebVPN Context Submode Commands Command Purpose and Guidelines Defaults url-list listname Enters the URL submode and allows you to configure the list of URLs that display on the portal Web page. See the url-list command for information on configuring the URL entries. vrf-name vrf-name Specifies the VRF domain configured for the virtual WebVPN context.
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module webvpn context Table 2-8 Color Names and RGB Values (continued) Color Name R G B Azure3 193 205 205 Azure4 131 139 139 Beige 245 245 220 Bisque 255 228 196 Bisque1 255 228 196 Bisque2 238 213 183 Bisque3 205 183 158 Bisque4 139 125 107 Black 0 0 0 BlanchedAlmond 255 235 205 Blue 0 0 255 Blue1 0 0 255 Blue2 0 0 238 Blue3 0 0 205 Blue4 0 0 139 BlueViolet 138 43 226 Brow
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module webvpn context Table 2-8 Color Names and RGB Values (continued) Color Name R G B Chocolate 210 105 30 Chocolate1 255 127 36 Chocolate2 238 118 33 Chocolate3 205 102 29 Chocolate4 139 69 19 Coral 255 127 80 Coral1 255 114 86 Coral2 238 106 80 Coral3 205 91 69 Coral4 139 62 47 CornflowerBlue 100 149 237 Cornsilk 255 248 220 Cornsilk1 255 248 220 Cornsilk2 238 232 205 Cornsilk3
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module webvpn context Table 2-8 Color Names and RGB Values (continued) Color Name R G B DarkOliveGreen4 110 139 61 DarkOrange 255 140 0 DarkOrange1 255 127 0 DarkOrange2 238 118 0 DarkOrange3 205 102 0 DarkOrange4 139 69 0 DarkOrchid 153 50 204 DarkOrchid1 191 62 255 DarkOrchid2 178 58 238 DarkOrchid3 154 50 205 DarkOrchid4 104 34 139 DarkRed 139 0 0 DarkSalmon 233 150 122 DarkSeaGreen
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module webvpn context Table 2-8 Color Names and RGB Values (continued) Color Name R G B DimGrey 105 105 105 DodgerBlue 30 144 255 DodgerBlue1 30 144 255 DodgerBlue2 28 134 238 DodgerBlue3 24 116 205 DodgerBlue4 16 78 139 Firebrick 178 34 34 Firebrick1 255 48 48 Firebrick2 238 44 44 Firebrick3 205 38 38 Firebrick4 139 26 26 FloralWhite 255 250 240 ForestGreen 34 139 34 Gainsboro 220 220
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module webvpn context Table 2-8 Color Names and RGB Values (continued) Color Name R G B Gray18 46 46 46 Gray19 48 48 48 Gray2 5 5 5 Gray20 51 51 51 Gray21 54 54 54 Gray22 56 56 56 Gray23 59 59 59 Gray24 61 61 61 Gray25 64 64 64 Gray26 66 66 66 Gray27 69 69 69 Gray28 71 71 71 Gray29 74 74 74 Gray3 8 8 8 Gray30 77 77 77 Gray31 79 79 79 Gray32 82 82 82 Gray33 84 84 84 G
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module webvpn context Table 2-8 Color Names and RGB Values (continued) Color Name R G B Gray50 127 127 127 Gray51 130 130 130 Gray52 133 133 133 Gray53 135 135 135 Gray54 138 138 138 Gray55 140 140 140 Gray56 143 143 143 Gray57 145 145 145 Gray58 148 148 148 Gray59 150 150 150 Gray6 15 15 15 Gray60 153 153 153 Gray61 156 156 156 Gray62 158 158 158 Gray63 161 161 161 Gray64 163
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module webvpn context Table 2-8 Color Names and RGB Values (continued) Color Name R G B Gray83 212 212 212 Gray84 214 214 214 Gray85 217 217 217 Gray86 219 219 219 Gray87 222 222 222 Gray88 224 224 224 Gray89 227 227 227 Gray9 23 23 23 Gray90 229 229 229 Gray91 232 232 232 Gray92 235 235 235 Gray93 237 237 237 Gray94 240 240 240 Gray95 242 242 242 Gray96 245 245 245 Gray97 247
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module webvpn context Table 2-8 Color Names and RGB Values (continued) Color Name R G B Grey18 46 46 46 Grey19 48 48 48 Grey2 5 5 5 Grey20 51 51 51 Grey21 54 54 54 Grey22 56 56 56 Grey23 59 59 59 Grey24 61 61 61 Grey25 64 64 64 Grey26 66 66 66 Grey27 69 69 69 Grey28 71 71 71 Grey29 74 74 74 Grey3 8 8 8 Grey30 77 77 77 Grey31 79 79 79 Grey32 82 82 82 Grey33 84 84 84 Gr
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module webvpn context Table 2-8 Color Names and RGB Values (continued) Color Name R G B Grey50 127 127 127 Grey51 130 130 130 Grey52 133 133 133 Grey53 135 135 135 Grey54 138 138 138 Grey55 140 140 140 Grey56 143 143 143 Grey57 145 145 145 Grey58 148 148 148 Grey59 150 150 150 Grey6 15 15 15 Grey60 153 153 153 Grey61 156 156 156 Grey62 158 158 158 Grey63 161 161 161 Grey64 163
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module webvpn context Table 2-8 Color Names and RGB Values (continued) Color Name R G B Grey83 212 212 212 Grey84 214 214 214 Grey85 217 217 217 Grey86 219 219 219 Grey87 222 222 222 Grey88 224 224 224 Grey89 227 227 227 Grey9 23 23 23 Grey90 229 229 229 Grey91 232 232 232 Grey92 235 235 235 Grey93 237 237 237 Grey94 240 240 240 Grey95 242 242 242 Grey96 245 245 245 Grey97 247
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module webvpn context Table 2-8 Color Names and RGB Values (continued) Color Name R G B Ivory3 205 205 193 Ivory4 139 139 131 Khaki 240 230 140 Khaki1 255 246 143 Khaki2 238 230 133 Khaki3 205 198 115 Khaki4 139 134 78 Lavender 230 230 250 LavenderBlush 255 240 245 LavenderBlush1 255 240 245 LavenderBlush2 238 224 229 LavenderBlush3 205 193 197 LavenderBlush4 139 131 134 LawnGreen 124
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module webvpn context Table 2-8 Color Names and RGB Values (continued) Color Name R G B LightGreen 144 238 144 LightGrey 211 211 211 LightPink 255 182 193 LightPink1 255 174 185 LightPink2 238 162 173 LightPink3 205 140 149 LightPink4 139 95 101 LightSalmon 255 160 122 LightSalmon1 255 160 122 LightSalmon2 238 149 114 LightSalmon3 205 129 98 LightSalmon4 139 87 66 LightSeaGreen 32 178 170
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module webvpn context Table 2-8 Color Names and RGB Values (continued) Color Name R G B Magenta4 139 0 139 Maroon 176 48 96 Maroon1 255 52 179 Maroon2 238 48 167 Maroon3 205 41 144 Maroon4 139 28 98 MediumAquamarine 102 205 170 MediumBlue 0 0 205 MediumOrchid 186 85 211 MediumOrchid1 224 102 255 MediumOrchid2 209 95 238 MediumOrchid3 180 82 205 MediumOrchid4 122 55 139 MediumPurple 147
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module webvpn context Table 2-8 Color Names and RGB Values (continued) Color Name R G B Navy 0 0 128 NavyBlue 0 0 128 OldLace 253 245 230 OliveDrab 107 142 35 OliveDrab1 192 255 62 OliveDrab2 179 238 58 OliveDrab3 154 205 50 OliveDrab4 105 139 34 Orange 255 165 0 Orange1 255 165 0 Orange2 238 154 0 Orange3 205 133 0 Orange4 139 90 0 OrangeRed 255 69 0 OrangeRed1 255 69 0 OrangeRe
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module webvpn context Table 2-8 Color Names and RGB Values (continued) Color Name R G B PaleVioletRed2 238 121 159 PaleVioletRed3 205 104 137 PaleVioletRed4 139 71 93 PapayaWhip 255 239 213 PeachPuff 255 218 185 PeachPuff1 255 218 185 PeachPuff2 238 203 173 PeachPuff3 205 175 149 PeachPuff4 139 119 101 Peru 205 133 63 Pink 255 192 203 Pink1 255 181 197 Pink2 238 169 184 Pink3 205 145
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module webvpn context Table 2-8 Color Names and RGB Values (continued) Color Name R G B RoyalBlue 65 105 225 RoyalBlue1 72 118 255 RoyalBlue2 67 110 238 RoyalBlue3 58 95 205 RoyalBlue4 39 64 139 SaddleBrown 139 69 19 Salmon 250 128 114 Salmon1 255 140 105 Salmon2 238 130 98 Salmon3 205 112 84 Salmon4 139 76 57 SandyBrown 244 164 96 SeaGreen 46 139 87 SeaGreen1 84 255 159 SeaGreen2 7
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module webvpn context Table 2-8 Color Names and RGB Values (continued) Color Name R G B SlateBlue4 71 60 139 SlateGray 112 128 144 SlateGray1 198 226 255 SlateGray2 185 211 238 SlateGray3 159 182 205 SlateGray4 108 123 139 Snow 255 250 250 Snow1 255 250 250 Snow2 238 233 233 Snow3 205 201 201 Snow4 139 137 137 SpringGreen 0 255 127 SpringGreen1 0 255 127 SpringGreen2 0 238 118 Sprin
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module webvpn context Table 2-8 Examples Color Names and RGB Values (continued) Color Name R G B Turquoise 64 224 208 Turquoise1 0 245 255 Turquoise2 0 229 238 Turquoise3 0 197 205 Turquoise4 0 134 139 Violet 238 130 238 VioletRed 208 32 144 VioletRed1 255 62 150 VioletRed2 238 58 140 VioletRed3 205 50 120 VioletRed4 139 34 82 Wheat 245 222 179 Wheat1 255 231 186 Wheat2 238 216 174
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module webvpn context webvpn(config-webvpn-context)# policy group cisco webvpn(config-webvpn-group)# url-list cisco webvpn(config-webvpn-group)# nat-address 172.21.65.73 172.21.65.78 netmask 255.0.0.
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module webvpn gateway webvpn gateway To enter the gateway submode and define the virtual gateway, use the webvpn gateway command. Use the no form of this command to remove any commands that you have entered in the WebVPN subcommand mode from the configuration. webvpn gateway gateway-name Syntax Description gateway-name Defaults This command has no default settings.
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module webvpn gateway Table 2-9 Virtual Gateway Submode Commands (continued) Command Purpose and Guidelines ip address ip-addr [netmask][port port] Defines the virtual IP address for which the WebVPN [secondary] Services Module is the proxy.
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module webvpn gateway Examples This example shows how to define the virtual gateway (this gateway is referenced in the WebVPN context) and enter the gateway submode: webvpn(config)# webvpn gateway webvpn(config-webvpn-gateway)# webvpn(config-webvpn-gateway)# webvpn(config-webvpn-gateway)# webvpn(config-webvpn-gateway)# webvpn# common ip address 172.21.65.71 port 443 ssl trustpoint test.
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module webvpn policy ssl webvpn policy ssl To enter the SSL-policy configuration submode, use the webvpn policy ssl command. In the SSL-policy configuration submode, you can define the SSL policy for one or more SSL-proxy services. webvpn policy ssl ssl-policy-name Syntax Description ssl-policy-name Defaults The defaults are as follows: SSL policy name. • cipher is all. • close-protocol is enabled. • session-caching is enabled.
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module webvpn policy ssl Table 2-10 SSL-Policy Configuration Submode Command Descriptions (continued) exit Exits from SSL-policy configuration submode. help Provides a description of the interactive help system. [no] session-cache enable Allows you to enable the session-caching feature. Use the no form of this command to disable session-caching.
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module webvpn policy ssl If you enter the timeout session timeout command without the absolute keyword, the specified timeout becomes the maximum timeout and a best-effort is made to keep the session entry in the session cache. If the session cache runs out of session entries, the session entry that is currently being used is removed for incoming new connections.
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module webvpn policy ssl This example shows how to set the maximum number of session entries to be allocated for a specific service: wwbvpn(config-ssl-policy)# session-cache size 22000 wwbvpn(config-ssl-policy)# This example shows how to configure the session timeout to absolute: wwbvpn(config-ssl-policy)# timeout session 30000 absolute wwbvpn(config-ssl-policy)# These examples show how to enable the support of different SSL versions: wwbvpn(
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module webvpn policy tcp webvpn policy tcp To enter the proxy policy TCP configuration submode, use the webvpn policy tcp command. In proxy-policy TCP configuration submode, you can define the TCP policy templates. webvpn policy tcp tcp-policy-name Syntax Description tcp-policy-name Defaults The defaults are as follows: TCP policy name. • buffer-share rx is 32768 bytes. • buffer-share tx is 32768 bytes.
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module webvpn policy tcp Table 2-11 Proxy-policy TCP Configuration Submode Command Descriptions (continued) [no] buffer-share rx buffer-limit-in-bytes Allows you to configure the maximum size of the receive buffer share per connection; valid values are from 8192 to 262144. Use the no form of this command to return to the default setting.
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module webvpn policy tcp Table 2-11 Proxy-policy TCP Configuration Submode Command Descriptions (continued) [no] timeout reassembly time Allows you to configure the amount of time in seconds before the reassembly queue is cleared; valid values are from 0 to 960 seconds (0 = disabled). If the transaction is not complete within the specified time, the reassembly queue is cleared and the connection is dropped.
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module webvpn policy tcp wwbvpn(config-tcp-policy)# This example shows how to define the maximum size for the transmit buffer configuration: wwbvpn(config-tcp-policy)# buffer-share tx 13444 wwbvpn(config-tcp-policy)# This example shows how to define the maximum size for the TCP segment: wwbvpn(config-tcp-policy)# mss 1460 wwbvpn(config-tcp-policy)# This example shows how to define the initial connection (SYN)-timeout value: wwbvpn(config-tcp
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module webvpn policy tcp Catalyst 6500 Series Switch WebVPN Module Command Reference—Release 1.
