393
Configuration procedure
This section describes how to enable the SSL VPN service. You must use the Web interface
provided by the router to configure SSL VPN functions. For more information, see the Web
configuration manual.
Complete the following tasks to enable SSL VPN:
• Specify the SSL server policy to be used by the SSL VPN service. To access the SSL VPN
gateway or the internal resources, remote users need to log in to the web interface of the SSL
VPN gateway through HTTPS. Therefore, you must specify an SSL server policy on the SSL
VPN gateway so that the gateway can determine the SSL parameters to be used for providing
the SSL VPN service.
• Specify the TCP port number to be used by the SSL VPN service. The SSL VPN gateway acts
as the HTTPS server to provide the web interface for remote users to log in.
• Enable the SSL VPN service. Remote users can access the web interface of the SSL VPN
gateway only after the SSL VPN service is enabled on the gateway.
Follow these guidelines when you configure SSL VPN:
• If the HTTPS service and the SSL VPN service use the same port number, the two services
must use the same SSL server policy. Otherwise, you cannot enable both the services.
• When both the HTTPS service and the SSL VPN service are enabled and they use the same
port number, to modify the SSL server policy that the services use, you must first disable the
two services, modify the SSL server policy, and then enable the services again.
• When the SSL VPN service is enabled, your change to the port number or SSL server policy for
the service does not take effect. To make your change take effect, disable the SSL VPN service
and then enable it again.
Before you configure SSL VPN, create an SSL server policy. For information about SSL server policy
configuration, see "Configuring SSL."
To enable SSL VPN:
Step Command Remarks
1. Enter system view.
system-view
N/A
2. Specify the SSL server
policy and port to be used
by the SSL VPN service.
ssl-vpn server-policy
server-policy-name [
port
port-number ]
By default, no SSL server policy is specified
for the SSL VPN service and the SSL VPN
service uses TCP port 443.
3. Enable the SSL VPN
service.
ssl-vpn enable
Disabled by default.
SSL VPN configuration example
Network requirements
As shown in Figure 135, configure SSL and enable SSL VPN service on the SSL VPN gateway, so
that users can log in to the Web interface of the SSL VPN gateway through HTTPS and then access
the internal resources of the corporate network through the SSL VPN gateway.
In this configuration example:
• The IP address of the SSL VPN gateway is 10.1.1.1/24.
• The IP address of the Certificate Authority (CA) is 10.2.1.1/24. The name of the CA is CA server,
which is used to issue certificates to the SSL VPN gateway and remote users.
To Next Page
Loading...
Need help?
General
