Sign In
Upload
Manuals
Brands
NOVELL Manuals
Software
ACCESS MANAGER 3.1 SP2 - SSL VPN USER GUIDE 2010
NOVELL ACCESS MANAGER 3.1 SP2 - SSL VPN USER GUIDE 2010 Manuals
Manuals and User Guides for NOVELL ACCESS MANAGER 3.1 SP2 - SSL VPN USER GUIDE 2010. We have
2
NOVELL ACCESS MANAGER 3.1 SP2 - SSL VPN USER GUIDE 2010 manuals available for free PDF download: Manual, User Manual
NOVELL ACCESS MANAGER 3.1 SP2 - SSL VPN USER GUIDE 2010 Manual (110 pages)
SSL VPN Server Guide
Brand:
NOVELL
| Category:
Software
| Size: 3 MB
Table of Contents
Table of Contents
5
Legal Notices
2
About this Guide
9
Additional Documentation
10
1 Overview of SSL VPN
11
SSL VPN Features
11
Traditional and ESP-Enabled SSL Vpns
14
ESP-Enabled Novell SSL VPN
14
Traditional Novell SSL VPN
15
High-Bandwidth and Low-Bandwidth SSL Vpns
16
SSL VPN Client Modes
16
Enterprise Mode
17
Kiosk Mode
19
2 Basic Configuration for SSL VPN
21
Configuring Authentication for the ESP-Enabled Novell SSL VPN
21
Accelerating the Traditional Novell SSL VPN
23
Configuring the Default Identity Injection Policy
24
Injecting the SSL VPN Header
24
Configuring the IP Address, Port, and Network Address Translation (NAT)
27
Configuring the SSL VPN Gateway Behind NAT or L4
28
Configuring the SSL VPN Gateway Without NAT or an L4 Switch
30
Configuring Route and Source NAT for Enterprise Mode
32
Configuring the Openvpn Subnet in Routing Tables
33
Configuring DNS Servers
33
Configuring DNS Servers for Enterprise Mode
33
Configuring DNS Servers for Kiosk Mode
34
Configuring Certificate Settings
35
3 Configuring End-Point Security and Access Policies for SSL VPN
37
Configuring Policies to Check the Integrity of the Client Machine
38
Selecting the Operating System
38
Configuring the Category
39
Configuring Applications for a Category
39
Configuring Attributes for an Application
40
Exporting and Importing Client Integrity Check Policies
44
Configuring Client Security Levels
45
Client Security Levels
45
Configuring a Security Level
46
Configuring Traffic Policies
46
Configuring Policies
47
Ordering Traffic Policies
49
Exporting and Importing Traffic Policies
50
Configuring Full Tunneling
50
Creating a Full Tunneling Policy
51
Modifying Existing Traffic Policies for Full Tunneling
52
4 Configuring How Users Connect to SSL VPN
55
Preinstalling the SSL VPN Client Components
55
Installing Client Components for Linux
55
Installing Client Components for Macintosh
55
Installing Client Components for Windows
56
Configuring Client Policies
56
Configuring Users to Connect Only in Enterprise Mode or Kiosk Mode
56
Allowing Users to Select the SSL VPN Mode
57
Configuring Client Cleanup Options
58
Configuring SSL VPN to Download the Java Applet on Internet Explorer
59
Configuring a Custom Login Policy for SSL VPN
59
Configuring SSL VPN to Connect through a Forward Proxy
60
Understanding How SSL VPN Connects through a Forward Proxy
61
Creating the Proxy.conf File
61
Configuring SSL VPN for Citrix Clients
62
Prerequisites
62
How It Works
62
Configuring a Custom Login Policy for Citrix Clients
63
Configuring the Access Gateway to Protect the Citrix Server
64
Configuring Single Sign-On between Citrix and SSL VPN
64
5 Clustering the High-Bandwidth
67
5 Clustering the High-Bandwidth SSL VPN Servers
67
Prerequisites
68
Limitations
68
Creating a Cluster of SSL VPN Servers
68
Section 5.1, "Prerequisites
68
Section 5.2, "Limitations
68
Section 5.3, "Creating a Cluster of SSL VPN Servers
68
Creating a Cluster of SSL VPN Servers
69
Adding an SSL VPN Server to a Cluster
70
Removing an SSL VPN Server from a Cluster
70
Clustering SSL VPN by Using an L4 Switch
71
Configuring a Cluster of ESP-Enabled SSL Vpns
71
Section 5.4, "Clustering SSL VPN by Using an L4 Switch
71
Configuring a Cluster of Traditional SSL Vpns by Using an L4 Switch
73
Clustering SSL Vpns by Using the Access Gateway Without an L4 Switch
74
Configuring the Access Gateway
74
Section 5.5, "Clustering SSL Vpns by Using the Access Gateway Without an L4 Switch
74
Installing the Scripts
75
Testing the Scripts
75
Configuring SSL VPN to Monitor the Health of the Cluster
76
Services of the Real Server
76
Section 5.6, "Configuring SSL VPN to Monitor the Health of the Cluster
76
Monitoring the SSL VPN Server Health
77
6 Monitoring the Ssl VPN Servers
79
Section 6.1, "Viewing and Editing SSL VPN Server Details
79
Viewing and Editing SSL VPN Server Details
79
Enabling SSL VPN Audit Events
80
Section 6.2, "Enabling SSL VPN Audit Events
80
Viewing SSL VPN Statistics
81
Viewing the SSL VPN Server Statistics
81
Section 6.3, "Viewing SSL VPN Statistics
81
Viewing the SSL VPN Server Statistics for the Cluster
83
Viewing the Bytes Graphs
84
Disconnecting Active SSL VPN Connections
84
Section 6.4, "Disconnecting Active SSL VPN Connections
84
Monitoring the Health of SSL VPN Servers
85
Monitoring the Health of a Single Server
85
Section 6.5, "Monitoring the Health of SSL VPN Servers
85
Monitoring the Health of an SSL VPN Cluster
86
Section 6.6, "Viewing the Command Status of the SSL VPN Server
87
Viewing Command Information
88
Viewing the Command Status of the SSL VPN Server
87
In the Administration Console, Click Devices > SSL Vpns
89
Viewing SSL VPN Alerts
90
Viewing SSL VPN Cluster Alerts
90
Monitoring SSL VPN Alerts
89
Configuring SSL VPN Alerts
89
Section 6.7, "Monitoring SSL VPN Alerts
89
7 Server Configuration Settings
93
Managing SSL VPN Servers
93
Configuring SSL VPN Servers
95
Modifying SSL VPN Server Details
96
8 Additional Configurations
99
Customizing the SSL VPN User Interface
99
Customizing the Home Page and Exit Page
99
Customizing Error Messages
99
Creating DH Certificates with Different Key Sizes
99
Creating a Configuration File to Add Additional Configuration Changes
100
Configuration
101
A Troubleshooting SSL VPN Configuration
101
Successfully Connecting to the Server
102
Connection Problems with Mozilla Firefox
102
Section A.1, "Successfully Connecting to the Server
102
Connection Problems with Internet Explorer
103
Adding Applications for Different Versions of Windows
103
Section A.2, "Adding Applications for Different Versions of Windows
103
The SSL VPN Server Is in a Pending State
104
Error: Failed to Fetch CIC Policy from the Server
104
SSL VPN Connects in Kiosk Mode, but There Is no Data Transfer
104
Section A.3, "The SSL VPN Server Is in a Pending State
104
Section A.4, "Error: Failed to Fetch CIC Policy from the Server
104
Section A.5, "SSL VPN Connects in Kiosk Mode, but There Is no Data Transfer
104
The TFTP Application and Groupwise Notify Do Not Work in Enterprise Mode
105
SSL VPN Not Reporting
105
Verifying and Restarting JCC
105
Verifying and Restarting the SSL VPN Server
105
Verifying SSL VPN Components
105
Section A.6, "The TFTP Application and Groupwise Notify Do Not Work in Enterprise Mode
105
Section A.7, "SSL VPN Not Reporting
105
Section A.8, "Verifying SSL VPN Components
105
SSL VPN Server
106
SSL VPN Linux Client
106
SSL VPN Macintosh Client
106
SSL VPN Windows Client
106
Unable to Contact the SSL VPN Server
106
Section A.9, "Unable to Contact the SSL VPN Server
106
Unable to Get Authentication Headers
107
The SSL VPN Connection Is Successful but There Is no Data Transfer
107
Unable to Connect to the SSL VPN Gateway
107
Section A.10, "Unable to Get Authentication Headers
107
Section A.11, "The SSL VPN Connection Is Successful but There Is no Data Transfer
107
Section A.12, "Unable to Connect to the SSL VPN Gateway
107
Multiple Instances of SSL VPN Are Running
108
Issue with the Preinstalled Enterprise Mode Client
108
Socket Exception Error after Upgrading SSL VPN
108
SSL VPN Server Is Unable to Handle the Session
108
Embedded Service Provider Status Is Red
108
Connection Manager Log Does Not Display the Client IP Address
108
Section A.13, "Multiple Instances of SSL VPN Are Running
108
Section A.14, "Issue with the Preinstalled Enterprise Mode Client
108
Section A.15, "Socket Exception Error after Upgrading SSL VPN
108
Section A.16, "SSL VPN Server Is Unable to Handle the Session
108
SSL VPN Full Tunnel Connection Disconnects on Vmware
109
Clustering Issues
109
Bringing up the Server if a Cluster Member Is down
109
Bringing up a Binary if It Is down
109
Section A.19, "SSL VPN Full Tunnel Connection Disconnects on Vmware
109
Section A.20, "Clustering Issues
109
Debugging a Cluster if Session Sharing Doesn't Properly Happen
110
Advertisement
NOVELL ACCESS MANAGER 3.1 SP2 - SSL VPN USER GUIDE 2010 User Manual (58 pages)
SSL VPN
Brand:
NOVELL
| Category:
Software
| Size: 1 MB
Table of Contents
Table of Contents
5
Legal Notices
2
About this Guide
7
1 Overview of SSL VPN
9
Access Modes
9
Kiosk Mode
9
Enterprise Mode
10
Client Machine Requirements
10
Linux Requirements
10
Macintosh Requirements
11
Windows Requirements
11
2 Accessing SSL VPN in Kiosk Mode
13
Accessing the SSL VPN User Portal
13
Switching from Kiosk Mode to Enterprise Mode
15
3 Accessing Ssl VPN in Enterprise
17
3 Accessing SSL VPN in Enterprise Mode
17
Prerequisites
17
Accessing SSL VPN When You Are an Admin or Root User
17
Section 3.1, "Prerequisites
17
Section 3.2, "Accessing SSL VPN When You Are an Admin or Root User
17
Accessing SSL VPN as a Non-Admin User
19
Section 3.3, "Accessing SSL VPN as a Non-Admin User
19
Switching from Enterprise Mode to Kiosk Mode
21
Enabling the Sudo Command for Standard Users in the Mac os
21
Section 3.4, "Switching from Enterprise Mode to Kiosk Mode
21
Section 3.5, "Enabling the Sudo Command for Standard Users in the Mac os
21
4 Accessing Published Citrix Applications through SSL VPN
23
Accessing Published Citrix Applications in Kiosk Mode
23
Accessing Published Citrix Applications in Enterprise Mode
23
5 Using Ssl VPN
25
Section 5.1, "Using the SSL VPN Home Page
25
Using the SSL VPN Home Page
25
Section 5.2, "Using the Policies Page
26
Using the Policies Page
26
Configuring the Cleanup Options
27
Section 5.3, "Configuring the Cleanup Options
27
Section 5.4, "Viewing SSL VPN Logs
28
Viewing SSL VPN Logs
28
Enabling Applications for SSL
29
Enabling Linux Applications for SSL
29
Section 5.5, "Enabling Applications for SSL
29
Enabling Macintosh Applications for SSL
30
Enabling Terminals for SSL
30
Logging out of the Active SSL VPN Session
30
Section 5.6, "Logging out of the Active SSL VPN Session
30
Section 5.7, "Using the Sandbox Feature
30
Using the Sandbox Feature
30
Error
31
Section 5.8, "Error
31
Connecting after the Session Timeout Period
32
Downloading the Applet on Internet Explorer
32
Section 5.10, "Downloading the Applet on Internet Explorer
32
Section 5.9, "Connecting after the Session Timeout Period
32
Error Messages
33
A Error Messages
33
AM.1000: Client Integrity Check Failed. Check Error Logs for more Information
36
AM.1001: Server Is Not Responding
36
AM.1002: Client Is Inactive for more than <X> Minutes. Please Log out
36
Out
36
AM.1004: Problem with One of the Underlying Components/Connection. Please Log out
36
AM.1005: Failed to Find Free Ports on the Client
37
AM.1006: Resource Not Found on the Gateway
37
AM.1007: Failed to Download SSL VPN Files from the Gateway
37
AM.1008: Unable to Fetch Configuration Information from the Gateway
37
AM.1009: Unable to Fetch Policy Information from the Gateway
37
AM.100A: User Denied Access. Please Contact the System Administrator
37
AM.100B: Openssl Needs to be Installed. Please Log out
37
AM.100C: Dependent Components Are Not Available in this System. Please Log out
37
AM.100D: Another Instance of SSL VPN Is Running. Please Close this Browser
38
AM.100E: SSL VPN Session Disconnected as Because the Server Is Not Responding. Please Log out
38
AM.100F: Gateway Internal Error. Please Contact the System Administrator
38
AM.100G: the Enterprise Server Is Down. Please Contact the System Administrator
38
AM.100H: the Kiosk Server Is Down. Please Contact the System Administrator
38
AM.100I: Your SSL VPN Connection was Terminated by the System Administrator. Please Log out
38
AM.100J: Your SSL VPN Connection was Terminated Because of Configuration Changes in the Server or Because the Server was Restarted. Please Log out
39
AM.101A: Failed to Find Free Ports for CIC on the Client
39
AM.101B: Failed to Install the CIC Package
39
AM.101C: Failed to Accept CIC Call
39
AM.101D: Invalid Message Type Received from CIC
39
AM.101E: Connection Closed by CIC
39
AM.101F: Failed to Uninstall the CIC Package
39
AM.101G: Error in CIC Policy Processing
40
AM.1305: Unable to Send Acknowledgment to the Applet for the DNS Message Received
44
AM.1306: Disconnect Message from the Applet was Incorrect (Incorrect Message Length)
44
AM.1307: Unable to Send Acknowledgment to the Applet for the Disconnect Message Received
45
AM.1308: Polresolver Received an Incomplete Message
45
AM.1309: Failed to Allocate Memory for Internal Operation
45
AM.1500: Failed to Send Statistics Request to Stunnel
45
AM.1501: Statistics Response Message from Stunnel was Incorrect (Incorrect Message Length)
45
AM.1502: Unable to Send Disconnect Message from Stunnel
45
AM.1503: Disconnect Acknowledgment Message from Stunnel was Incorrect (Incorrect Length of Message)
45
AM.1504: Incorrect Message from Stunnel (Incorrect Length of Message)
45
AM.1505: Invalid Message from Stunnel (Message Type Unknown)
45
AM.1506: SSL VPN Server Certificate Validation Failed. Please Log out
46
AM.1507: Disconnected Because of Hibernation/Standby. Please Log out
46
AM.1701: Openvpn Authentication Failed. Please Log out
46
AM.1702: Openvpn Connection Error. Please Log out
46
AM.1703: Received a Fatal Error from Openvpn. Please Log out
46
AM.1704: Policy Initialization Failed. Please Log out
47
AM.1705: Tunnel Adapter Interface Is Down. Please Log out
47
AM.1801: Service Is Not Running. Please Log out
47
AM.1801A: Connection to Service Failed
47
AM.1801B: Failed to Run SSL VPN Services
47
AM.1804: Maximum Attempts to Enter Password Reached. Please Close the Browser
48
AM.1805: Timeout Occurred While Entering Credentials. Please Close the Browser
48
AM.1805A: You Have Been Forced to Use the Enterprise Mode. Please Close the Browser
48
AM.1806: Unable to Initialize Browser Cache Cleaner
48
AM.1807: Failed to Update the Thin Client with Policies
48
AM.1808: Pop-Up Window Inactivity Time Is up
48
AM.1809: Error: Failed to Start SSL VPN Desktop Cleanup
49
AM.1810: Please Log out of the Current Session or Close the Browser before Connecting Again
49
Troubleshooting Ssl VPN
51
B Troubleshooting SSL VPN
51
SSL VPN Fails to Load if Firefox 3.0 Is Used on Vista 64-Bit
52
Error: Failed to Fetch CIC Policy from the Server
52
Stability Issues When You Use a Firefox Browser on a Vista 64-Bit Machine
52
Unable to Connect to SSL VPN Because of the Openvpn Error
52
Section B.1, "SSL VPN Fails to Load if Firefox 3.0 Is Used on Vista 64-Bit
52
Section B.2, "Error: Failed to Fetch CIC Policy from the Server
52
Section B.3, "Stability Issues When You Use a Firefox Browser on a Vista 64-Bit Machine
52
Section B.4, "Unable to Connect to SSL VPN Because of the Openvpn Error
52
The SSL VPN Applet Fails to Download on a SLED 11 64-Bit Machine
53
Unable to Connect to SSL VPN
53
Unable to Connect to SSL VPN from the same Internet Explorer Browser Session
53
Section B.5, "The SSL VPN Applet Fails to Download on a SLED 11 64-Bit Machine
53
Section B.6, "Unable to Connect to SSL VPN
53
Section B.7, "Unable to Connect to SSL VPN from the same Internet Explorer Browser Session
53
The SSL VPN Connection Fails with an Openvpn Connection Error
54
The Browser Cache Is Not Cleared When Multiple Tabs Are Used in Vista
54
Failed to Connect to SSL VPN
54
Section B.8, "The SSL VPN Connection Fails with an Openvpn Connection Error
54
Section B.9, "The Browser Cache Is Not Cleared When Multiple Tabs Are Used in Vista
54
Section B.10, "Failed to Connect to SSL VPN
54
Mozilla Firefox Browser Displays an "X" Mark
55
Applications Are Not Enabled from the Terminal after Running the Su Command
55
SSL VPN Session Disconnects after Approximately 10 Hours
55
Error: Failed to Download the SSLVPN Files from Gateway
55
Unable to Connect after the Previous Connection Ended Abruptly
55
Section B.11, "Mozilla Firefox Browser Displays an "X" Mark
55
Section B.12, "Applications Are Not Enabled from the Terminal after Running the Su Command
55
Section B.13, "SSL VPN Session Disconnects after Approximately 10 Hours
55
Section B.14, "Error: Failed to Download the SSLVPN Files from Gateway
55
Section B.15, "Unable to Connect after the Previous Connection Ended Abruptly
55
SSL VPN Client Displays the Nonsecure Items Dialog Box
56
Clear Cache Option Retains some Image Files in the Temporary Internet Folder
56
SSL VPN Fails to Retrieve Help Pages When There Is an Error
56
Section B.16, "SSL VPN Client Displays the Nonsecure Items Dialog Box
56
Section B.17, "Clear Cache Option Retains some Image Files in the Temporary Internet Folder
56
Section B.18, "SSL VPN Fails to Retrieve Help Pages When There Is an Error
56
The Browser Becomes Non-Responsive if Clear Browser Private Data Is Repeatedly Clicked
57
SSL VPN Issues with the Latest Versions of JRE 1.6
57
Unable to Access Protected HTTP Applications through a Safari Browser
57
Linux Browser Issues in Kiosk Mode
57
Section B.19, "The Browser Becomes Non-Responsive if Clear Browser Private Data Is Repeatedly Clicked
57
Section B.20, "SSL VPN Issues with the Latest Versions of JRE
57
Section B.21, "Unable to Access Protected HTTP Applications through a Safari Browser
57
Section B.22, "Linux Browser Issues in Kiosk Mode
57
Issues with the Intlclock Toolbar Application
58
Socks Client Logs Are Displayed under Service Logs
58
Connection Fails in SSL VPN if the Root User Password Is Not Set in Macintosh
58
Section B.23, "Issues with the Intlclock Toolbar Application
58
Section B.24, "Socks Client Logs Are Displayed under Service Logs
58
Section B.25, "Connection Fails in SSL VPN if the Root User Password Is Not Set in Macintosh
58
Advertisement
Related Products
NOVELL ACCESS MANAGER 3.1 SP2 - README 2010
NOVELL ACCESS MANAGER 3.1 SP2 BETA 1 - SCENARIOS 2009
NOVELL ACCESS MANAGER 3.1 SP1 - AGENT GUIDE
NOVELL ACCESS MANAGER 3.1 SP1 - IDENTITY SERVER
Novell Access Manager 3.1 SP 1
Novell Access Manager 3.1 SP2 Beta 1
Novell Access Manager 3.1 SP 2
NOVELL IDENTITY MANAGER 3.6. - INTEGRATION
NOVELL IFOLDER 3 - ADMINISTRATION
NOVELL POLICY IN DESIGNER 3.5 - 09-18-2009
NOVELL Categories
Software
Server
Desktop
Printer
Recording Equipment
More NOVELL Manuals
Login
Sign In
OR
Sign in with Facebook
Sign in with Google
Upload manual
Upload from disk
Upload from URL