Novell ACCESS MANAGER 3.1 SP2 - SSL VPN USER GUIDE 2010 User Manual

AUTHORIZED DOCUMENTATION
SSL VPN User Guide
Novell
Access Manager
3.1 SP2
June 11, 2010
www.novell.com
Novell Access Manager 3.1 SP2 SSL VPN User Guide


Summary of Contents for Novell ACCESS MANAGER 3.1 SP2 - SSL VPN USER GUIDE 2010

  • Page 1 AUTHORIZED DOCUMENTATION SSL VPN User Guide Novell Access Manager 3.1 SP2 June 11, 2010 www.novell.com Novell Access Manager 3.1 SP2 SSL VPN User Guide...
  • Page 2: Legal Notices

    Further, Novell, Inc., reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.
  • Page 3 Novell Trademarks For Novell trademarks, see the Novell Trademark and Service Mark list (http://www.novell.com/company/legal/trademarks/tmlist.html). Third-Party Materials All third-party trademarks are the property of their respective owners.
  • Page 5: Table Of Contents

    Contents About This Guide 1 Overview of SSL VPN Access Modes (page 9) 1.1.1 Kiosk Mode ...
  • Page 6 B.24 Socks Client Logs Are Displayed under Service Logs (page 58) B.25 Connection Fails in SSL VPN If the Root User Password Is Not Set in Macintosh (page 58) ...
  • Page 7: About This Guide

    Novell Access Manager 3.1 SP2 Identity Server Guide Novell Access Manager 3.1 SP2 Access Gateway Guide Documentation Conventions In Novell documentation, a greater-than symbol (>) is used to separate actions within a step and items in a cross-reference path. About This Guide...
  • Page 9: Overview Of SSL VPN

    Overview of SSL VPN The Novell Access Manager SSL VPN allows you to use a Web browser to access corporate resources securely from a remote site. It uses a Secure Socket Layer (SSL) with a virtual private connection (VPN). It is a clientless solution, and it eliminates the need to install or configure a VPN client on your desktop or laptop.
  • Page 10: Enterprise Mode

    “Preinstalling the SSL VPN Client Components” in the Novell Access Manager 3.1 SP2 SSL VPN Server Guide. For more information on using Enterprise mode, see Chapter 3, “Accessing SSL VPN in Enterprise Mode,”...
  • Page 11: Macintosh Requirements

    “Configuring SSL VPN to Download the Java Applet on Internet Explorer” in the Novell Access Manager 3.1 SP2 SSL VPN Server Guide. The following table lists the supported versions of operating software and browsers in the Windows...
  • Page 12 NOTE: Do not use Windows Explorer to run SSL VPN. Sun JRE 1.4.1 or higher. NOTE: If you are using Firefox 3.6, you must have Java SE 6 update 10 or higher. ...
  • Page 13: Accessing SSL VPN In Kiosk Mode

    Accessing SSL VPN in Kiosk Mode Kiosk mode is the usual choice for computers not controlled by the organization, such as home computers and computers in Web-browsing kiosks. In the Kiosk mode of SSL VPN, only those applications that are opened after connecting to the SSL VPN server are enabled for SSL.
  • Page 14 7 If the SSL VPN connection is successful, the SSL VPN Home page is displayed. Make sure that you keep the browser open throughout the SSL VPN session, and continue with Step If the SSL VPN connection fails, an error message is displayed. Skip to Step ...
  • Page 15: Switching From Kiosk Mode To Enterprise Mode

    8 Do one of the following, depending on whether you are a Linux, Macintosh, or Windows user: Linux: If you are a Linux user, open a new terminal to launch applications that need to be enabled for SSL. For more information, see Section 5.5.1, “Enabling Linux Applications for SSL,”...
  • Page 17: Accessing SSL VPN In Enterprise Mode

    For more information on pre-installing the client components, see “Preinstalling the SSL VPN Client Components” in the Novell Access Manager 3.1 SP2 SSL VPN Server Guide. You must have the recommended browser or operating software installed in your system. For more information, see Section 1.2, “Client Machine Requirements,”...
  • Page 18 Policy tab. Make sure that you do not close this browser during the SSL VPN session. If the SSL VPN connection fails, an error message is displayed. ...
  • Page 19: Accessing SSL VPN As A Non-Admin User

    5 (Conditional) If you see this error message, click Logout to log out of the session. For more information on these error messages, see Appendix A, “Error Messages,” on page 3.3 Accessing SSL VPN as a Non-Admin User If you are a non-admin or a non-root user, but you know the credentials of the administrator or root user, you can connect to SSL VPN in Enterprise mode as follows:...
  • Page 20 7 (Conditional) If the connection is successful, the SSL VPN Home page is displayed, allowing access to all the resources listed on the Policy page. Make sure that you do not close this browser during the SSL VPN session. ...
  • Page 21: Switching From Enterprise Mode To Kiosk Mode

    SSL VPN in Kiosk Mode,” on page 3.5 Enabling the Sudo Command for Standard Users in the Mac OS Novell SSL VPN uses the sudo command to gain root privileges for non-root users in the Mac OS. This command is not enabled by default for standard users in the Mac OS.
  • Page 23: Accessing Published Citrix Applications Through SSL VPN

    Accessing Published Citrix Applications through SSL VPN You can access published Citrix applications through SSL VPN. Section 4.1, “Accessing Published Citrix Applications in Kiosk Mode,” on page 23 Section 4.2, “Accessing Published Citrix Applications in Enterprise Mode,” on page 23 4.1 Accessing Published Citrix Applications in Kiosk Mode 1 Connect to a Citrix server by using the following URL:...
  • Page 25: Using SSL VPN

    Click the Home icon to display the Home page. How this page is displayed to you depends on how your organization has customized this page. The following figure displays the default Novell SSL VPN home page. SSL VPN Home Page...
  • Page 26: Using The Policies Page

    Java applet log for more information on the error. For more information on error messages, see Appendix A, “Error Messages,” on page 5.2 Using the Policies Page 1 On the SSL VPN Home page, click the Policies icon. ...
  • Page 27: Configuring The Cleanup Options

    2 Review the information on the page. This page displays the resources you can access, based on the traffic policies configured by your system administrator for your role. The information is displayed as follows: Name: The name of the traffic policy applicable for your role. Destination: The IP address of the destination network.
  • Page 28: Viewing SSL VPN Logs

    NOTE: When you click the installation logs, you might notice the log message Sandbox is enabled for you at VPN-SANDBOX. This message indicates that a folder named VPN-SANDBOX was automatically created for you on your desktop during the SSL VPN...
  • Page 29: Enabling Applications For SSL

    connection. Copy or download all the files into this folder. This folder, along with its contents, is deleted automatically, when you disconnect the SSL VPN connection. Section 5.7, “Using the Sandbox Feature,” on page 30 Tunnel Logs: Displays the tunnel logs. This contains STunnel logs if the SSL VPN connection is in Kiosk mode and OpenVPN logs if the SSL VPN connection is in Enterprise mode.
  • Page 30: Enabling Macintosh Applications For SSL

    Kiosk mode or Enterprise mode, a folder named VPN-SANDBOX is created on your desktop. You can copy all the files and folders that you have downloaded from your corporate network, or that...
  • Page 31: Error

    you have created into this folder. This folder is automatically deleted when the SSL VPN connection is terminated. This is a very useful feature if you are browsing from an Internet Kiosk and you do not want any sensitive information to reach other persons. Figure 5-2: Sandbox Folder on Your Desktop. The Browser Agent logs indicate that the Sandbox folder has been created on your desktop.
  • Page 32: Connecting After The Session Timeout Period

    Windows client to load a Java-based applet instead of the ActiveX controls. In order to force load the applet, enter the following URL to launch the SSL VPN user interface: https://<DNS-Name>/sslvpn/login?forcejre ...
  • Page 33: A Error Messages

    Error Messages Some frequently encountered error messages and their explanations are given below: “AM.1000: Client Integrity Check Failed. Check Error Logs for More Information.” on page 36 “AM.1001: Server Is not Responding.” on page 36 “AM.1002: Client Is Inactive for More Than <x> Minutes. Please Log Out.” on page 36 “AM.1003: Problem with One of the Underlying Components/ Connection Error.
  • Page 34 “AM.1303: Unable to Send Acknowledgment to the Applet for the Cookie Received” on page 44 “AM.1304: Incorrect DNS Information Message Received from the Applet (Incorrect Length of Message)” on page 44 ...
  • Page 35 “AM.1305: Unable to Send Acknowledgment to the Applet for the DNS Message Received” on page 44 “AM.1306: Disconnect Message from the Applet Was Incorrect (Incorrect Message Length)” on page 44 “AM.1307: Unable to Send Acknowledgment to the Applet for the Disconnect Message Received”...
  • Page 36: AM.1000: Client Integrity Check Failed. Check Error Logs For More Information

    Action: Click Log Entries, select Polresolver Logs, Tunnel Logs and Service Logs from View Logs to check details, then contact your system administrator. Possible Cause: The SSL VPN tunnel is down. ...
  • Page 37: AM.1005: Failed To Find Free Ports On The Client

    Action: Click Log Entries, then select Tunnel Logs from View Logs to check details. Try reconnecting again. If the problem persists, contact your system administrator. AM.1005: Failed to Find Free Ports on the Client. Possible Cause: No free ports are available. Action: Contact your system administrator.
  • Page 38: AM.100D: Another Instance Of SSL VPN Is Running. Please Close This Browser

    AM.100I: Your SSL VPN connection was terminated by the System Administrator. Please Log Out. Possible Cause: The system administrator has disconnected your connection. Action: Try reconnecting. If the problem persists, contact your system administrator. ...
  • Page 39: AM.100J: Your SSL VPN Connection Was Terminated Because Of Configuration Changes In The Server Or Because The Server Was Restarted. Please Log Out

    AM.100J: Your SSL VPN connection was terminated because of configuration changes in the server or because the server was restarted. Please log out. Possible Cause: The SSL VPN restarted to apply the configuration changes. Action: Log out of SSL VPN connection. Try reconnecting after a few minutes. Possible Cause: One of the SSL VPN server components might have gone down.
  • Page 40: AM.101G: Error In CIC Policy Processing

    Action: Close the browser. If you want to reconnect, initiate the connection from a fresh instance of the browser. AM.1011: This Operating System Is not Supported. Please Log Out. Possible Cause: Your operating system is not supported. ...
  • Page 41 Action: Click Log Entries, then select Browser Agent Logs from View Logs for more information. Check the Novell Access Manager 3.1 SSL VPN User Guide (http://www.novell.com/documentation/novellaccessmanager31/sslvpn_userguide/index.html?page=/documentation/novellaccessmanager31/sslvpn_userguide/data/bookinfo.html) for supported platforms. AM.1012: The User Does Not Seem to Have Enough Privileges. Please Log Out.
  • Page 42 Manager 3.1 SSL VPN User Guide (http://www.novell.com/documentation/novellaccessmanager31/sslvpn_userguide/index.html?page=/documentation/novellaccessmanager31/sslvpn_userguide/data/ba9j4uq.html). If your browser is supported by Novell SSL VPN, close all instances of the browser and try connecting from a fresh instance of the browser. AM.1021: Failed to Send a Keepalive Message to Server Possible Cause: Failed to send the session persistence packets to the server.
  • Page 43 Action: Click Log Entries, then select Browser Agent Logs and Service Logs from View Logs for more information. Check if the enterprise thin client service binary novell-sslvpn-serv is running. AM.1100: Received Zero Length Data from the SOCKS Client. Possible Cause: The SSL-enabled application crashed while performing a policy resolution.
  • Page 44: AM.1305: Unable To Send Acknowledgment To The Applet For The DNS Message Received

    AM.1306: Disconnect Message from the Applet Was Incorrect (Incorrect Message Length) Possible Cause: Polresolver – Applet communication is bad or the session cleanup is incomplete. Action: Contact your system administrator if the problem persists. ...
  • Page 45: AM.1307: Unable To Send Acknowledgment To The Applet For The Disconnect Message Received

    AM.1307: Unable to Send Acknowledgment to the Applet for the Disconnect Message Received Possible Cause: Polresolver – Applet communication is bad or the session cleanup is incomplete. Action: Contact your system administrator if the problem persists. AM.1308: Polresolver Received an Incomplete Message. Possible Cause: An intruder might be probing Polresolver with an incorrect message.
  • Page 46: AM.1506: SSL VPN Server Certificate Validation Failed. Please Log Out

    Action: Click Log Entries, then select Tunnel Logs from View Logs to check logs. Try reconnecting from a fresh instance of the browser. If the problem persists, contact your system administrator. ...
  • Page 47: AM.1704: Policy Initialization Failed. Please Log Out

    ...serv.exe If it is not running, go to Control Panel > Administrative Tools > Services Panel and look for a service named novell-sslvpn-serv. If it is found, restart it. If it is not found, then the thin-client service is not installed properly.
  • Page 48: AM.1804: Maximum Attempts To Enter Password Reached. Please Close The Browser

    Possible Cause: You have not selected any client mode in the SSL VPN mode selection dialog box. Action: Log out from the current session and connect again. When the Mode selection dialog box appears, select a client mode. ...
  • Page 49: AM.1809: Error: Failed To Start SSL VPN Desktop Cleanup

    For more information on SSL VPN modes, see the Novell Access Manager SSL VPN User Guide (http://www.novell.com/documentation/novellaccessmanager31/sslvpn_userguide/index.html?page=/documentation/novellaccessmanager31/sslvpn_userguide/data/bac4n0o.html) AM.1809: Error: Failed to Start SSL VPN Desktop Cleanup Possible Cause: There was an error in initiating the desktop cleanup action.
  • Page 50 If your deployment requires 250 or more concurrent SSL VPN connections, your regular Novell® sales channel can determine if the export law allows you to order the high bandwidth version at no extra cost. ...
  • Page 51: B Troubleshooting SSL VPN

    Troubleshooting SSL VPN This section provides various troubleshooting scenarios that you might encounter while configuring SSL VPN. Section B.1, “SSL VPN Fails to Load If Firefox 3.0 Is Used on Vista 64-bit,” on page 52 Section B.2, “Error: Failed to Fetch CIC Policy from the Server,” on page 52 Section B.3, “Stability Issues when You Use a Firefox Browser on a Vista 64-Bit Machine,”...
  • Page 52: SSL VPN Fails To Load If Firefox 3.0 Is Used On Vista 64-Bit

    Failed to Renew DHCP IP Address Lease on TAP-Win 32 Adapter: The system cannot find the file specified. To work around this issue, do the following before attempting to connect to SSL VPN again: 1 Select Start > Control Panel > Network Connections. ...
  • Page 53: The SSL VPN Applet Fails To Download On A SLED 11 64-Bit Machine

    2 Right-click the Local Area Connection with the device name TAP-Win 32 Adapter, then select Properties. 3 Click Configure, then select the Advanced tab. 4 Select Media Status and set the value to Always Connected. 5 Click OK. B.5 The SSL VPN Applet Fails to Download on a SLED 11 64-bit Machine If you are using a SUSE Linux Enterprise Desktop (SLED) 11 64-bit machine, the SSL VPN applet might fail to download after logging in, and a blank page is displayed to you.
  • Page 54: The SSL VPN Connection Fails With An OpenVPN Connection Error

    On a Windows machine, do the following: 1 Control Panel > Java. 2 Click Delete Files in the General tab. 3 Select the Downloaded Applets check box in the Delete Temporary Files dialog box. 4 Click OK. ...
  • Page 55: Mozilla Firefox Browser Displays An "X" Mark

    B.11 Mozilla Firefox Browser Displays an “X” Mark If you see an “X” on the top left corner of Mozilla Firefox while trying to access the SSL VPN end user portal, it indicates that the Java Runtime Environment* (JRE) is not installed on the client machine.
  • Page 56: SSL VPN Client Displays The Nonsecure Items Dialog Box

    This is because the help pages are served to the SSL VPN client by the Tomcat. ...
  • Page 57: The Browser Becomes Non-Responsive If Clear Browser Private Data Is Repeatedly Clicked

    B.19 The Browser Becomes Non-Responsive If Clear Browser Private Data Is Repeatedly Clicked The browser might become non-responsive if the button in the SSL VPN applet is repeatedly clicked. This issue occurs with the JRE Update 06 version. To work around this issue, upgrade the JRE to the latest update.
  • Page 58: Issues With The Intlclock Toolbar Application

    When there is no password set for the user, you can log in by using the root root credentials of the admin user. ...
