Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

Configuring SSL WebVPN on Cisco 871W

Hi all

I have a Cisco 871W router and would like to setup a secure wireless access point for the local office. Did some reading on wireless security and sort of come down with a couple of methods to do it but would like to hear your feeback on it.

1. Connect the 871W to the office LAN. The wireless security I'm thinking of is WAP-PSK Preshare. Once connected, the user will have to carry out SSL WebVPN authentication to gain access to the internal network. This 2nd layer of authentication would probably be using RADIUS authentication. I've got RADIUS working for Cisco VPN Client on a PIX 515 already so I don't think it should be that difficult with setting up RADIUS for the 871W router.

Alternatively I can:

2. Configure 802.1X authentication on the router. Wireless clients will have to turn on 802.1X to be able to connect to the corporate internal network. I can see some stumbling block in using this methods like:

- I do not have a certificate server hence it'll be a pain getting the clients to authenticate via 802.1X

- It'll be difficult to implement different level of access using 802.1X. For instance visiting guest would have access to nothing but the internal proxy server for surfing the Internet. All domain users will have full access to internal network.

Thanks in advance for your reply and if you know of any links that would point me in the right direction, it would be greatly appreciated.


Re: Configuring SSL WebVPN on Cisco 871W

SSL uses digital certificates for authentication. The VPN Concentrator creates a self-signed SSL server certificate when it boots; or you can install in the VPN Concentrator an SSL certificate that has been issued in a PKI context. For HTTPS, this certificate must then be installed in the client. You need to install the certificate from a given VPN Concentrator only once.

For information on installing the SSL digital certificate in your browser and connecting via HTTPS, in the VPN 3000 Series Concentrator refer to

CreatePlease to create content