Configuring SSL VPN in NetDefendOS - D-Link DFL-260E User Manual

Network Security Firewall NetDefendOS version 2.40.00

9.6.2. Configuring SSL VPN in NetDefendOS
The option exists with NetDefendOS SSL VPN to automatically ARP publish all client IPs
on all firewall interfaces but this is not recommended because of the security issues that are
raised.
vi. Routes for clients do not need to be defined in the routing tables as these are added
automatically by NetDefendOS when SSL VPN tunnels are established.
On the Windows based client side:
A proprietary D-Link VPN SSL client application needs to be installed and configured to route
traffic to the correct interface on the firewall.
Installing and running the SSL VPN client software is done as part of the logging in process for
users as they access the firewall through a web browser. The Windows based client software is
automatically downloaded through the browser directly from the firewall.
SSL VPN with PPPoE
Where PPPoE is used as the method of connection to the NetDefend Firewall over the public
Internet, it is possible to have SSL VPN function over the PPPoE connection.
This is done by setting up the SSL VPN tunnel so that the Outer Interface property of the SSL VPN
tunnel object is specified to be a PPPoE configuration object instead of a physical Ethernet interface.
Setting up a PPPoE interface object is described in Section 3.4.4, "PPPoE".

9.6.2. Configuring SSL VPN in NetDefendOS

To configure the SSL VPN in NetDefendOS, an SSL VPN Interface object must be defined for each
interface on which connections will be made. The object properties are as follows:
General Options
Name
A descriptive name for the object used for display in the NetDefendOS configuration.
Inner IP
This is the IP number within the tunnel that SSL VPN clients will connect to.
All clients that connect to the SSL VPN object interface are allocated an IP from the SSL VPN
interface's IP Pool. All the pool addresses as well as the Inner IP must belong to the same
network and these define the relationship between the firewall and the connecting clients.
A private IP network should be used for this purpose. The Inner IP itself must not be one of the
IP Pool addresses that can be handed out to connecting SSL VPN clients.
Outer Interface
The interface on which to listen for SSL VPN connection attempts. This could be a physical
Tip: The Inner IP can be pinged
For troubleshooting purposes, an ICMP Ping can be sent to the Inner IP address. In
order for NetDefendOS to be able to respond, an IP rule must exist that allows traffic
to flow from the SSL VPN interface to core (in other words, to NetDefendOS itself).
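The addressing rules given above for the Inner IP and the IP Pool can be checked before an address plan is entered into the configuration. The following is an added example, not part of the D-Link manual and not NetDefendOS code; the function and parameter names are illustrative, the IP Pool is assumed to be a single contiguous IPv4 range, and "private" is taken to mean RFC 1918.

```python
import ipaddress

# RFC 1918 ranges, used here as the meaning of "private IP network".
RFC1918 = [ipaddress.IPv4Network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def check_sslvpn_plan(network, inner_ip, pool_start, pool_end):
    """Return a list of problems found in a planned SSL VPN address layout.

    All parameter names are illustrative, not NetDefendOS property names.
    The IP Pool is assumed to be one contiguous IPv4 range.
    """
    net = ipaddress.IPv4Network(network)      # raises if host bits are set
    inner = ipaddress.IPv4Address(inner_ip)
    first = ipaddress.IPv4Address(pool_start)
    last = ipaddress.IPv4Address(pool_end)
    problems = []

    if first > last:
        return ["IP Pool range is reversed"]
    if not any(net.subnet_of(r) for r in RFC1918):
        problems.append("network is not a private (RFC 1918) network")
    if inner not in net:
        problems.append("Inner IP is outside the network")
    if first not in net or last not in net:
        problems.append("IP Pool is not fully inside the network")
    if first <= inner <= last:
        problems.append("Inner IP is one of the IP Pool addresses")
    # Extra check beyond the manual's text: the network and broadcast
    # addresses cannot be assigned to the firewall or to a client.
    for reserved in (net.network_address, net.broadcast_address):
        if reserved == inner or first <= reserved <= last:
            problems.append(f"{reserved} is reserved and cannot be used")
    return problems

# Constructed sample plans (not taken from the manual).
GOOD = ("10.0.8.0/24", "10.0.8.1", "10.0.8.10", "10.0.8.100")
BAD = ("198.51.100.0/24", "198.51.100.20", "198.51.100.10", "198.51.100.255")

if __name__ == "__main__":
    for plan in (GOOD, BAD):
        print(plan, check_sslvpn_plan(*plan) or "OK")
```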
Chapter 9. VPN

This manual is also suitable for: DFL-860E, DFL-1660, DFL-2560, DFL-2560G
