Setup Example - D-Link DFL-1660 User Manual

9.6.4. Setup Example

have been removed.
To remedy this problem, the D-Link SSL VPN client software should be started by selecting it in
the Windows Start menu and then stopped.
9.6.4. Setup Example
Example 9.13. Setting Up an SSL VPN Interface
This example shows how to set up a new SSL VPN interface called my_sslvpn.
Assume that the physical interface If2 will be used to listen to client connections and this will have an external IP
address already defined in the address book called sslvpn_server_ip. Connections will be made using SSL VPN
to a server located on the network connected to the firewall's If3 Ethernet interface.
Assume also that the IPv4 addresses that can be handed out to clients are defined in the address book object
sslvpn_pool. This might contain the simple address range 10.0.0.2-10.0.0.9.
Another address book IP object sslvpn_inner_ip might then be set as 10.0.0.1 and this is the inner IP of the
NetDefendOS end of the tunnel.
1. Create an SSL VPN Object
Command-Line Interface
gw-world:/> add Interface SSLVPNInterface my_sslvpn
Note: If multiple Proxy ARP interfaces are needed, they are specified as a comma separated list. For example:
If3,If4,If5.
Web Interface
1. Go to: Interfaces > SSL VPN Interface > Add > SSL VPN Interface
2. Now enter:
• Specify a suitable name, for example my_sslvpn_if
• Inner IP: sslvpn_inner_ip
• Outer Interface: If2
• Server IP: sslvpn_server_ip
• IP Pool: sslvpn_pool
3. Click the tab Add Route
4. Select the If3 interface in the Available list and press the ">>" button to move it into the Selected list
5. Click OK
2. Create an Authentication Rule
Command-Line Interface
gw-world:/> add UserAuthRule SSLVPNInterface ssl_login
InnerIP=sslvpn_inner_ip
IPAddressPool=sslvpn_pool
OuterInterface=If2
ServerIP=sslvpn_server_ip
ProxyARPInterfaces=If3
AuthSource=Local
Interface=my_sslvpn_if
OriginatorIP=all-nets
LocalUserDB=lannet_auth_users
Agent=SSL
TerminatorIP=sslvpn_server_ip
Name=ssl_login
478
Chapter 9. VPN