Chapter 7. SSL VPN
The router provides an intrinsic SSL VPN feature as an alternate to the standard IPsec
VPN. SSL VPN differs from IPsec VPN mainly by removing the requirement of a pre-
installed VPN client on the remote host. Instead, users can securely login through the
SSL User Portal using a standard web browser and receive access to configured
network resources within the corporate LAN. The router supports multiple concurrent
sessions to allow remote users to access the LAN over an encrypted link through a
customizable user portal interface, and each SSL VPN user can be assigned unique
privileges and network resource access levels.
The remote user can be provided different options for SSL service through this router:
• VPN Tunnel: The remote user’s SSL enabled browser is used in place of a VPN
client on the remote host to establish a secure VPN tunnel. A SSL VPN client
(Active-X or Java based) is installed in the remote host to allow the client to join
the corporate LAN with pre-configured access/policy privileges. At this point a
virtual network interface is created on the user’s host and this will be assigned an
IP address and DNS server address from the router. Once established, the host
machine can access allocated network resources.
• Port Forwarding: A web-based (ActiveX or Java) client is installed on the client
machine again. Note that Port Forwarding service only supports TCP connections
between the remote user and the router. The router administrator can define specific
services or applications that are available to remote port forwarding users instead
of access to the full LAN like the VPN tunnel.
ActiveX clients are used when the remote user accesses the portal using the Internet
Explorer browser. The Java client is used for other browsers like Mozilla Firefox,
Netscape Navigator, Google Chrome, and Apple Safari.
To Next Page
Loading...
