Context
Figure 7-6 IP forwarding service network
(Figure not reproduced. Labeled elements: remote terminal, Internet, SSL VPN gateway, LAN, application server.)
As shown in Figure 7-6, the SSL VPN gateway allows remote terminals to communicate with
internal servers at the network layer. For example, they can share files.
To use the IP forwarding service, client software specific to the IP forwarding service must be
downloaded from the web page and installed on the terminals. After the client software is
installed, a virtual network adapter is also installed on the terminal. The client software is
responsible for setting up an SSL connection between the terminal and gateway, requesting an
IP address for the virtual network adapter, and creating a route with the virtual network adapter
as the outbound interface.
After an IP address pool is bound to the IP forwarding service, an IP address is allocated from
the IP address pool to the terminal.
To limit user access, you can use the bind acl command to apply an ACL to the IP forwarding
service. Alternatively, you can set the routing mode to Split. In Split mode, a terminal can
communicate only with the servers in the specified network segment.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
sslvpn gateway gateway-name
The virtual gateway view is displayed.
Step 3 Run:
service-type ip-forwarding resource resource-name
The IP forwarding service is created and its view is displayed.
By default, the virtual gateway does not provide the IP forwarding service.
Step 4 (Optional) Run:
description description
The description for the IP forwarding service is configured.
Step 5 Run:
bind ip-pool pool-name
An IP address pool is bound to the IP forwarding service.
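The access-limiting advice in the Context section can be checked offline against a saved configuration. The following Python script is an added example, not part of the Huawei guide. It assumes the saved configuration lists the commands in the form shown in this procedure; the gateway, resource and pool names and the bind acl argument are constructed placeholders.

```python
import re

# Constructed sample. Names are made up, and the page does not show the
# argument form of "bind acl", so EXAMPLE-ACL is only a placeholder.
SAMPLE_CONFIG = """\
sslvpn gateway gw-hq
 service-type ip-forwarding resource files
  description File shares for remote staff
  bind ip-pool pool-remote
  bind acl EXAMPLE-ACL
 service-type ip-forwarding resource legacy
  bind ip-pool pool-remote
sslvpn gateway gw-lab
 service-type ip-forwarding resource lab
"""

GATEWAY = re.compile(r"^sslvpn gateway (\S+)$")
SERVICE = re.compile(r"^service-type ip-forwarding resource (\S+)$")

def audit_ip_forwarding(config_text):
    """Return one finding dict per IP forwarding service in config_text."""
    services, gateway, current = [], None, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if m := GATEWAY.match(line):
            gateway, current = m.group(1), None
        elif (m := SERVICE.match(line)) and gateway:
            current = {"gateway": gateway, "resource": m.group(1),
                       "ip_pool": None, "acl_bound": False}
            services.append(current)
        elif line.startswith("service-type "):
            current = None  # a different service; its bind lines are not ours
        elif current is not None and line.startswith("bind ip-pool "):
            current["ip_pool"] = line.split(None, 2)[2]
        elif current is not None and line.startswith("bind acl"):
            current["acl_bound"] = True
    for svc in services:
        svc["issues"] = []
        if svc["ip_pool"] is None:
            svc["issues"].append("no IP address pool bound")
        if not svc["acl_bound"]:
            # Split routing mode is the other control the page names; its
            # command is not shown on the page, so it is left to manual review.
            svc["issues"].append("no ACL bound; confirm Split routing mode limits access")
    return services

if __name__ == "__main__":
    for svc in audit_ip_forwarding(SAMPLE_CONFIG):
        print(f'{svc["gateway"]}/{svc["resource"]}: {"; ".join(svc["issues"]) or "ok"}')
```

A service flagged for a missing ACL is not necessarily open, because Split routing mode may already restrict it; the finding marks it for manual review.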
Huawei AR1200 Series Enterprise Routers
Configuration Guide - VPN 7 SSL VPN Configuration
Issue 01 (2012-04-20) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.