Custom Login Policy
When a custom login policy is configured, SSL VPN redirects the custom login requests to different
URLs based on the policy. This is a very useful feature if users want to access applications such as
those on the Citrix application servers. For more information on how to configure a custom login
policy, see Section 4.2.5, "Configuring a Custom Login Policy for SSL VPN," on page 59.
1.2 Traditional and ESP-Enabled SSL VPNs
The Novell SSL VPN can be deployed as either an ESP-enabled SSL VPN or a Traditional SSL
VPN.
When SSL VPN is deployed without the Access Gateway, an Embedded Service Provider (ESP)
component is installed along with the SSL VPN server. This deployment requires the Identity Server
and the Administration server to also be installed. This type of deployment is called an ESP-enabled
Novell SSL VPN.
When SSL VPN is deployed with the Access Gateway, it is called a Traditional Novell SSL VPN. In
this type of installation, SSL VPN is deployed with the Identity Server, Administration Console, and
the Linux Access Gateway components of Novell Access Manager.
Section 1.2.1, "ESP-Enabled Novell SSL VPN," on page 14
Section 1.2.2, "Traditional Novell SSL VPN," on page 15
Section 1.2.3, "High-Bandwidth and Low-Bandwidth SSL VPNs," on page 16
1.2.1 ESP-Enabled Novell SSL VPN
In an ESP-enabled Novell SSL VPN, the process involved in establishing a secure connection
between a client machine and the different components of Novell Access Manager is as follows:
1. The user specifies the following URL to access the SSL VPN server:
https://<www.sslvpn.novell.com>/sslvpn/login
<www.sslvpn.novell.com> is the DNS name of the SSL VPN server, and /sslvpn/login is the
path of the SSL VPN server.
2. The SSL VPN redirects the browser to the Identity Server for authentication.
3. After successful authentication, the Identity Server redirects the browser back to SSL VPN.
4. The Identity Server propagates the session information to the SSL VPN server through the
Embedded Service Provider.
5. The SSL VPN server injects the SSL VPN policy for that user into the SSL VPN servlet. The
SSL VPN servlet processes the parameters and sends the policy information back to the server.
6. The SSL VPN checks if the client machine has sufficient security restraints. For more
information on client integrity checks, see Section 3.1, "Configuring Policies to Check the
Integrity of the Client Machine," on page 38.
7. When the user accesses the applications behind the protected network, the connection goes
through the secure tunnel formed with the SSL VPN server.
8. The browser stays open throughout the SSL VPN connection to allow the keep-alive packets.
9. When the user clicks the logout button to close the SSL VPN session, all the client components
are automatically uninstalled from the workstation.
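As an added example (not from the Novell guide), the following Python check audits a recorded redirect chain against steps 1 to 3: every hop stays on HTTPS, only the SSL VPN and Identity Server hosts appear, and the browser moves from the SSL VPN to the Identity Server and back. The Identity Server host name, its /login path, and both sample chains are constructed assumptions.

```python
from urllib.parse import urljoin, urlsplit

SSLVPN_HOST = "www.sslvpn.novell.com"  # placeholder DNS name used in step 1
IDP_HOST = "idp.example.com"           # assumption: constructed Identity Server name
LOGIN_PATH = "/sslvpn/login"
EXPECTED_ORDER = [SSLVPN_HOST, IDP_HOST, SSLVPN_HOST]  # steps 1, 2, 3

def audit_login_chain(hops):
    """Audit (request_url, status, location) tuples; location is None when the
    response is not a redirect. Returns a list of findings, empty when clean."""
    findings, hosts = [], []
    for i, (url, status, location) in enumerate(hops, 1):
        for label, value in (("request", url), ("Location", location)):
            if value is None:
                continue
            parts = urlsplit(urljoin(url, value))  # resolve relative Location
            if parts.scheme != "https":
                findings.append(f"hop {i}: {label} is not HTTPS: {value}")
            if parts.hostname not in (SSLVPN_HOST, IDP_HOST):
                findings.append(f"hop {i}: {label} leaves expected hosts: {value}")
        if 300 <= status < 400 and location is None:
            findings.append(f"hop {i}: status {status} without a Location header")
        host = urlsplit(url).hostname
        if not hosts or hosts[-1] != host:  # collapse repeated requests to one host
            hosts.append(host)
    first = urlsplit(hops[0][0]) if hops else None
    if first is None or first.hostname != SSLVPN_HOST or first.path != LOGIN_PATH:
        findings.append("chain does not start at the SSL VPN login URL")
    if hosts != EXPECTED_ORDER:
        findings.append(f"unexpected host order: {hosts}")
    return findings

# Constructed sample chains (not captured from a real deployment).
GOOD_CHAIN = [
    (f"https://{SSLVPN_HOST}{LOGIN_PATH}", 302, f"https://{IDP_HOST}/login"),
    (f"https://{IDP_HOST}/login", 302, f"https://{SSLVPN_HOST}{LOGIN_PATH}"),
    (f"https://{SSLVPN_HOST}{LOGIN_PATH}", 200, None),
]
# Same flow, but the return redirect in step 3 downgrades to plain HTTP.
BAD_CHAIN = GOOD_CHAIN[:1] + [
    (f"https://{IDP_HOST}/login", 302, f"http://{SSLVPN_HOST}{LOGIN_PATH}"),
    (f"http://{SSLVPN_HOST}{LOGIN_PATH}", 200, None),
]

if __name__ == "__main__":
    for name, chain in (("good", GOOD_CHAIN), ("bad", BAD_CHAIN)):
        print(name, audit_login_chain(chain) or "OK")
```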
Novell Access Manager 3.1 SP2 SSL VPN Server Guide