Virtual Private Networking
6.
Using SSL Connections
The VPN firewall provides a hardware-based SSL VPN solution designed specifically to provide
remote access for mobile users to their corporate resources, bypassing the need for a
preinstalled VPN client on their computers. Using the familiar Secure Sockets Layer (SSL)
protocol, commonly used for e-commerce transactions, the VPN firewall can authenticate itself
to an SSL-enabled client, such as a standard web browser. Once the authentication and
negotiation of encryption information are completed, the server and client can establish an
encrypted connection. With support for up to 50 dedicated SSL VPN tunnels, the VPN firewall
allows users to easily access the remote network for a customizable, secure, user portal
experience from virtually any available platform.
This chapter contains the following sections:
•
SSL VPN Portal Options
•
Overview of the SSL Configuration Process
•
Create the Portal Layout
•
Configure Domains, Groups, and Users
•
Configure Applications for Port Forwarding
•
Configure the SSL VPN Client
•
Use Network Resource Objects to Simplify Policies
•
Configure User, Group, and Global Policies
•
Access the SSL Portal Login Screen
•
View the SSL VPN Connection Status and SSL VPN Logs
SSL VPN Portal Options
The VPN firewall's SSL VPN portal can provide two levels of SSL service to the remote user:
•
SSL VPN tunnel. The VPN firewall can provide the full network connectivity of a VPN
tunnel using the remote user's browser instead of a traditional IPSec VPN client.
The SSL capability of the user's browser provides authentication and encryption,
establishing a secure connection to the VPN firewall. Upon successful connection, an
ActiveX-based SSL VPN client is downloaded to the remote computer to allow the
remote user to virtually join the corporate network.
198
6