Virtual Private Networking Using IPv4 SSL Connections
222
ProSafe Wireless-N 8-Port Gigabit VPN Firewall FVS318N
SSL VPN Portal Options
The wireless VPN firewall’s SSL VPN portal can provide two levels of SSL service to the
remote user:
• SSL VPN tunnel. The wireless VPN firewall can provide the full network connectivity of a
VPN tunnel using the remote user’s browser instead of a traditional IPSec VPN client.
The SSL capability of the user’s browser provides authentication and encryption,
establishing a secure connection to the wireless VPN firewall. Upon successful
connection, an ActiveX-based SSL VPN client is downloaded to the remote PC to allow
the remote user to virtually join the corporate network.
The SSL VPN client provides a point-to-point (PPP) connection between the client and
the wireless VPN firewall, and a virtual network interface is created on the user’s PC. The
wireless VPN firewall assigns the PC an IP address and DNS server IP addresses,
allowing the remote PC to access network resources in the same manner as if it were
connected directly to the corporate network, subject to any policy restrictions that you
configure.
• SSL port forwarding. Like an SSL VPN tunnel, port forwarding is a web-based client that
is installed transparently and then creates a virtual, encrypted tunnel to the remote
network. However, port forwarding differs from an SSL VPN tunnel in several ways:
- Port forwarding supports only TCP connections, not UDP connections or connections
using other IP protocols.
- Port forwarding detects and reroutes individual data streams on the user’s PC to the
port-forwarding connection rather than opening up a full tunnel to the corporate
network.
- Port forwarding offers more fine-grained management than an SSL VPN tunnel. You
define individual applications and resources that are available to remote users.
The SSL VPN portal can present the remote user with one or both of these SSL service
levels, depending on how you set up the configuration.
Overview of the SSL Configuration Process
To configure and activate SSL connections, perform the following six basic steps in the order
that they are presented:
1. Create a new SSL portal (see Create the Portal Layout on page 223).
When remote users log in to the wireless VPN firewall, they see a portal page that you
can customize to present the resources and functions that you choose to make available.
2. Create authentication domains, user groups, and user accounts (see Configure Domains,
Groups, and Users on page 227).
a. Create one or more authentication domains for authentication of SSL VPN users.
When remote users log in to the wireless VPN firewall, they need to specify a domain
to which their login account belongs. The domain determines the authentication