Ssl Vpn Features Supported By The Ar1200 - Huawei AR1200 series Configuration Manual

Huawei AR1200 Series Enterprise Routers
Configuration Guide - VPN

7.2 SSL VPN Features Supported by the AR1200

The AR1200 supports the following SSL VPN features: virtual gateway, basic VPN functions,
SSL VPN user management, and SSL VPN services.
Virtual Gateway
An AR1200 functioning as an SSL VPN gateway can be divided into multiple virtual gateways.
Service configuration and user management are based on virtual gateways. Before configuring
SSL VPN services on the AR1200, create a virtual gateway.
Basic SSL VPN Functions
The configurations of basic SSL VPN functions include extranet/intranet interfaces and AAA
domain.
l
l
To use an AR1200 as an SSL VPN gateway, you must configure and enable the basic SSL VPN
functions. If the basic SSL VPN functions are disabled, no user can access internal servers
through the SSL VPN gateway.
SSL VPN User Management
User management functions include:
l
l
l
Issue 01 (2012-04-20)
When functioning as an SSL VPN gateway, the AR1200 provides two types of interfaces:
extranet interface and intranet interface.
– An extranet interface connects to the Internet. Users on a virtual gateway can access the
web login page by using the extranet interface address.
– An intranet interface connects to an internal server, allowing the virtual gateway to
communicate with the internal server.
To prevent unauthorized users from accessing internal resources and protect intranet
security, each virtual gateway must authenticate login users. After being bound to an AAA
domain, a virtual gateway performs AAA authentication for all login users. Only the
authenticated users are allowed to access internal resources.
Configuring user information
To log in to virtual gateways, each authorized user needs a user name and a password. All
the user names and passwords of the locally authenticated users are stored on virtual
gateways. After a user enters the user name and password, the virtual gateway checks
whether they are identical with the locally stored user name and password of this user. If
they are identical, the virtual gateway allows the user to log in.
Configuring the maximum number of online users
An administrator can limit the number of online users. When the number of online users
on the virtual gateway exceeds the limit, no more user can log in.
Configuring the maximum online duration of users
If an online user does not use services for a long time, the user still occupies resources. To
avoid a waste of resources, configure the maximum online duration for users. A user whose
online duration exceeds the limit is logged off forcibly. The virtual gateway still stores
information about the disconnected users.
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
7 SSL VPN Configuration
365