SSL VPN; Overview - D-Link DFL-1660 User Manual

Network security firewall

9.6. SSL VPN

9.6.1. Overview

NetDefendOS provides an additional type of VPN connection called SSL VPN. This makes use of
the Secure Sockets Layer (SSL) protocol to provide a secure tunnel between a remote client
computer and a NetDefend Firewall. Any application on the client can then communicate securely
with servers located on the protected side of the firewall.
The Advantage of SSL VPN
The key advantage of SSL VPN is that it enables secure communications between a client and a
firewall using the HTTPS protocol. In some environments where roaming clients have to operate,
such as hotels or airports, network equipment will often not allow other tunnelling protocols, such as
IPsec, to be used.
In such cases, SSL VPN provides a viable, simple, secure client connection solution.
The SSL VPN Disadvantage
A disadvantage of SSL VPN is that it relies on tunneling techniques that make extensive use of TCP
protocol encapsulation for reliable transmission. This leads to extra processing overhead which can
cause noticeable latencies in some high load situations.
SSL VPN therefore demands more processing resources than, for example, IPsec. In addition,
hardware acceleration for IPsec is available on some hardware platforms to further boost processing
efficiency.
A Summary of SSL VPN Setup Steps
SSL VPN setup requires the following steps:

On the NetDefend Firewall side:

i. An SSL VPN Interface object needs to be created which configures a particular Ethernet interface to accept SSL VPN connections.

ii. An Authentication Rule needs to be defined for incoming SSL VPN clients and the rule must have the Interface property set to the name of the SSL VPN object created above. The Authentication Agent of the rule must be set to L2TP/PPTP/SSL VPN and the rule's Terminator IP must be set to the external IP address of the firewall's listening interface.

The PPP Agent Options for the rule can be any combination of PAP, CHAP, MS-CHAP, MS-CHAPv2 and no authentication. The SSL client will go through all the options until it finds a method that works. By default, all options are enabled except for no authentication.

This topic is discussed further in Section 8.2.5, "Authentication Rules".

iii. Client users need to be defined in the Authentication Source of the authentication rule. This source can be a local user database, a RADIUS server or an LDAP server.

iv. Define appropriate NetDefendOS IP rules to allow data flow within the SSL VPN tunnel. As discussed below, IP rules do not normally need to be defined for the setup of the SSL VPN tunnel itself; they are only needed for the traffic that flows inside the tunnel.

v. Specify the interfaces on which client IPs will be ARP published. This is necessary so a
472
Chapter 9. VPN
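The checklist above (steps i to iv) is a set of cross-references that are easy to get wrong: the authentication rule must name the SSL VPN interface, its Terminator IP must be the listening interface's own external address, and traffic inside the tunnel still needs IP rules. The following is an added example, not code from the D-Link manual or from NetDefendOS, that models a configuration with hypothetical dataclasses (the field names and the sample addresses are constructed for this example, not the NetDefendOS object schema or CLI) and checks those consistency conditions before the configuration is deployed.

```python
"""Added example: consistency checker for the SSL VPN setup checklist.

The configuration model below is a hypothetical representation built for this
example; it is not NetDefendOS's CLI syntax or object schema.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address

# PPP Agent Options the manual lists; "None" stands for "no authentication".
PPP_METHODS = {"PAP", "CHAP", "MS-CHAP", "MS-CHAPv2", "None"}
DEFAULT_PPP_OPTIONS = {"PAP", "CHAP", "MS-CHAP", "MS-CHAPv2"}  # all except "None"
VALID_AUTH_SOURCES = {"LocalUserDB", "RADIUS", "LDAP"}
SSLVPN_AGENT = "L2TP/PPTP/SSL VPN"


@dataclass
class EthernetInterface:
    name: str
    ip: str  # external IP address of this interface


@dataclass
class SslVpnInterface:
    name: str
    outer_interface: str  # Ethernet interface that accepts SSL VPN connections


@dataclass
class AuthRule:
    name: str
    interface: str        # must equal the SSL VPN Interface object's name
    agent: str
    terminator_ip: str    # must equal the listening interface's external IP
    auth_source: str
    ppp_options: set = field(default_factory=lambda: set(DEFAULT_PPP_OPTIONS))


@dataclass
class IpRule:
    name: str
    src_iface: str
    dst_iface: str
    action: str


@dataclass
class Config:
    ethernet: list
    sslvpn: list
    auth_rules: list
    ip_rules: list


def check_sslvpn_setup(cfg: Config) -> list:
    """Return a list of findings; an empty list means steps i to iv are satisfied."""
    findings = []
    eth = {e.name: e for e in cfg.ethernet}
    if not cfg.sslvpn:  # step i
        return ["no SSL VPN Interface object defined (step i)"]
    for s in cfg.sslvpn:
        if s.outer_interface not in eth:
            findings.append(f"{s.name}: outer interface {s.outer_interface!r} does not exist")
            continue
        listen_ip = ip_address(eth[s.outer_interface].ip)
        rules = [r for r in cfg.auth_rules if r.interface == s.name]  # step ii
        if not rules:
            findings.append(f"{s.name}: no Authentication Rule has Interface={s.name} (step ii)")
        for r in rules:
            if r.agent != SSLVPN_AGENT:
                findings.append(f"{r.name}: agent must be {SSLVPN_AGENT!r}, got {r.agent!r}")
            if ip_address(r.terminator_ip) != listen_ip:
                findings.append(f"{r.name}: Terminator IP {r.terminator_ip} is not the "
                                f"external IP {listen_ip} of {s.outer_interface}")
            unknown = r.ppp_options - PPP_METHODS
            if unknown:
                findings.append(f"{r.name}: unknown PPP options {sorted(unknown)}")
            if "None" in r.ppp_options:
                findings.append(f"{r.name}: 'no authentication' is enabled as a PPP option "
                                "(disabled by default)")
            if r.auth_source not in VALID_AUTH_SOURCES:  # step iii
                findings.append(f"{r.name}: Authentication Source {r.auth_source!r} is not a "
                                "local user database, RADIUS or LDAP (step iii)")
        # step iv: IP rules are needed for traffic inside the tunnel
        if not any(ip.src_iface == s.name and ip.action == "Allow" for ip in cfg.ip_rules):
            findings.append(f"{s.name}: no IP rule allows traffic from the tunnel (step iv)")
    return findings


def example_config() -> Config:
    """Constructed sample that satisfies the checklist (203.0.113.0/24 is documentation space)."""
    return Config(
        ethernet=[EthernetInterface("wan", "203.0.113.10"), EthernetInterface("lan", "192.0.2.1")],
        sslvpn=[SslVpnInterface("sslvpn_if", "wan")],
        auth_rules=[AuthRule("sslvpn_auth", "sslvpn_if", SSLVPN_AGENT, "203.0.113.10", "LocalUserDB")],
        ip_rules=[IpRule("sslvpn_to_lan", "sslvpn_if", "lan", "Allow")],
    )


def broken_config() -> Config:
    """Constructed sample with a wrong Terminator IP, 'None' enabled and no tunnel IP rule."""
    cfg = example_config()
    cfg.auth_rules[0].terminator_ip = "203.0.113.11"
    cfg.auth_rules[0].ppp_options.add("None")
    cfg.ip_rules = []
    return cfg


if __name__ == "__main__":
    for line in check_sslvpn_setup(broken_config()):
        print("FINDING:", line)
```

Running the module prints three findings for the broken sample and nothing for the valid one; the same checks can be run against a configuration exported from a device once it has been mapped into the model.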

This manual is also suitable for: DFL-2560, DFL-2560G, DFL-260E, DFL-860E