Catalyst 6500 Series Switch WebVPN Module Command Reference—Release 1.1
OL-7310-01
Chapter 2 Commands for the Catalyst 6500 Series Switch WebVPN Module
webvpn gateway
To configure the mask address to specify a wildcard proxy service, use the ip address ip-addr command
and use these guidelines:
• You must enter the secondary keyword to configure a wildcard proxy service.
• When you enter the secondary keyword, the WebVPN Services Module does not respond to ARP
  requests of the virtual IP address.
• You can enter the secondary keyword when the WebVPN Services Module is used in a standalone
  configuration or when the WebVPN Services Module is used as a real server on a load balancer (such
  as the CSM) configured in dispatch mode (MAC address rewrite).
• You can enter the secondary keyword if you configure multiple devices using the same virtual IP
  address. The virtual IP address can be any legal IP address, and does not have to be in the VLAN
  (subnet) connected to the WebVPN Services Module.
If you create a policy by entering the webvpn policy tcp command without specifying any parameters,
the policy is created using the default values.
If the key (modulus) size is other than 512, 768, 1024, 1536, or 2048, you will receive an error and the
trustpoint configuration is not applied. Replace the key by generating a key (using the same key-label)
and specifying a supported modulus size, then reenter the name of the gateway that is used in the URL
and the cookie mangling process using the gateway-name gateway-name command.
Table 2-9 Virtual Gateway Submode Commands (continued)

Command: ip address ip-addr [netmask] [port port] [secondary]
Purpose and Guidelines: Defines the virtual IP address for which the WebVPN Services Module is the proxy.
  port port—(Optional) Specifies the port number for which the WebVPN Services Module is the proxy; valid values are from 1 to 65535.
  secondary—(Optional) Configures the gateway as the secondary IP. The secondary keyword is required if the virtual IP address is not on a network with a direct connection.
Defaults: port is 443.

Command: policy tcp tcp-policy-name
         no policy tcp
Purpose and Guidelines: (Optional) Specifies the TCP policy to use. Use the no form of this command to return to the default policy.

Command: policy ssl ssl-policy-name
         no policy ssl
Purpose and Guidelines: (Optional) Specifies the SSL policy to use. Use the no form of this command to return to the default policy.

Command: ssl trustpoint trustpoint-label
Purpose and Guidelines: Applies a trustpoint configuration to the WebVPN gateway. You can import the test certificate embedded on the module.
  Note: The trustpoint defines the certificate authority server, the key parameters and key-generation methods, and the certificate enrollment methods for the WebVPN gateway.
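
The ip address syntax and the guidelines on this page can be checked mechanically before a gateway configuration is applied. The following Python code is an added example, not part of the Cisco reference: the function names, the sample lines, and the rule that any netmask other than 255.255.255.255 denotes a wildcard proxy service are assumptions.

```python
import ipaddress

# Modulus sizes the page lists as accepted for the trustpoint key.
SUPPORTED_MODULUS = (512, 768, 1024, 1536, 2048)
DEFAULT_PORT = 443  # "port is 443" in the Defaults column

def parse_ip_address(line):
    """Parse 'ip address ip-addr [netmask] [port port] [secondary]'."""
    tokens = line.split()
    if tokens[:2] != ["ip", "address"] or len(tokens) < 3:
        raise ValueError("not an 'ip address' command: %r" % line)
    vip, rest = ipaddress.IPv4Address(tokens[2]), tokens[3:]
    netmask, port, secondary = None, DEFAULT_PORT, False
    if rest and rest[0] not in ("port", "secondary"):
        netmask = rest.pop(0)
        ipaddress.IPv4Network("0.0.0.0/" + netmask)  # rejects a malformed mask
    if rest[:1] == ["port"]:
        if len(rest) < 2 or not rest[1].isdigit():
            raise ValueError("'port' needs a numeric argument")
        port, rest = int(rest[1]), rest[2:]
    if rest == ["secondary"]:
        secondary, rest = True, []
    if rest:
        raise ValueError("unexpected tokens: " + " ".join(rest))
    return {"vip": str(vip), "netmask": netmask, "port": port, "secondary": secondary}

def lint_gateway(ip_line, modulus_bits):
    """Return findings for one gateway, following the guidelines on this page."""
    cfg, findings = parse_ip_address(ip_line), []
    if not 1 <= cfg["port"] <= 65535:
        findings.append("port %d outside 1-65535" % cfg["port"])
    # Assumption: any netmask other than the host mask means a wildcard proxy.
    wildcard = cfg["netmask"] not in (None, "255.255.255.255")
    if wildcard and not cfg["secondary"]:
        findings.append("wildcard proxy service requires the secondary keyword")
    if modulus_bits not in SUPPORTED_MODULUS:
        findings.append("modulus %d unsupported; trustpoint is not applied" % modulus_bits)
    return findings

# Constructed samples: (ip address line, modulus of the trustpoint key).
SAMPLES = [
    ("ip address 192.0.2.10 port 443", 1024),
    ("ip address 192.0.2.0 255.255.255.0 port 8443", 2048),
    ("ip address 192.0.2.0 255.255.255.0 secondary", 4096),
]
if __name__ == "__main__":
    for line, bits in SAMPLES:
        print(line, "->", lint_gateway(line, bits) or "ok")
```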