D-Link DFL-260E User Manual for DFL-260E - Page 467
Configuring SSL VPN in NetDefendOS, Tip: The Inner IP can be pinged
Chapter 9. VPN

The option exists with NetDefendOS SSL VPN to automatically ARP publish all client IPs on all firewall interfaces but this is not recommended because of the security issues that are raised.

vi. Routes for clients do not need to be defined in the routing tables as these are added automatically by NetDefendOS when SSL VPN tunnels are established.

• On the Windows-based client side:

A proprietary D-Link VPN SSL client application needs to be installed and configured to route traffic to the correct interface on the firewall.

Installing and running the SSL VPN client software is done as part of the login process for users as they access the firewall through a web browser. The Windows-based client software is automatically downloaded through the browser directly from the firewall.

SSL VPN with PPPoE

Where PPPoE is used as the method of connection to the NetDefend Firewall over the public Internet, it is possible to have SSL VPN function over the PPPoE connection. This is done by setting up the SSL VPN tunnel so that the Outer Interface property of the SSL VPN tunnel object is specified to be a PPPoE configuration object instead of a physical Ethernet interface.

Setting up a PPPoE interface object is described in Section 3.4.4, "PPPoE".

9.6.2. Configuring SSL VPN in NetDefendOS

To configure the SSL VPN in NetDefendOS, an SSL VPN Interface object must be defined for each interface on which connections will be made. The object properties are as follows:

General Options

• Name

A descriptive name for the object used for display in the NetDefendOS configuration.

• Inner IP

This is the IP number within the tunnel that SSL VPN clients will connect to.

All clients that connect to the SSL VPN object interface are allocated an IP from the SSL VPN interface's IP Pool. All the pool addresses as well as the Inner IP must belong to the same network and these define the relationship between the firewall and the connecting clients.

A private IP network should be used for this purpose. The Inner IP itself must not be one of the IP Pool addresses that can be handed out to connecting SSL VPN clients.

Tip: The Inner IP can be pinged

For troubleshooting purposes, an ICMP Ping can be sent to the Inner IP address. In order for NetDefendOS to be able to respond, an IP rule must exist that allows traffic to flow from the SSL VPN interface to core (in other words, to NetDefendOS itself).

• Outer Interface

The interface on which to listen for SSL VPN connection attempts. This could be a physical
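
The Inner IP and IP Pool rules above can be checked against an addressing plan before it is entered on the firewall. The following is an added example, not part of the D-Link manual or NetDefendOS: the function name, the CIDR `network` parameter, the inclusive start/end form of the pool, the IPv4-only scope and the reading of "private" as RFC 1918 are all assumptions.

```python
import ipaddress

# Assumption: "private IP network" is read as the RFC 1918 ranges.
RFC1918 = [ipaddress.IPv4Network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_sslvpn_addressing(network, inner_ip, pool_start, pool_end):
    """Return a list of findings; an empty list means the plan passes."""
    net = ipaddress.IPv4Network(network)      # raises if host bits are set
    inner = ipaddress.IPv4Address(inner_ip)
    first = ipaddress.IPv4Address(pool_start)
    last = ipaddress.IPv4Address(pool_end)

    if first > last:
        return ["IP Pool range is reversed: start is above end"]

    findings = []
    if not any(net.subnet_of(r) for r in RFC1918):
        findings.append(f"{net} is not a private (RFC 1918) network")
    if inner not in net:
        findings.append(f"Inner IP {inner} is outside {net}")
    # A network is one contiguous block, so checking both ends of the
    # range covers every address in between.
    if first not in net or last not in net:
        findings.append(f"IP Pool {first}-{last} is not wholly inside {net}")
    if first <= inner <= last:
        findings.append(f"Inner IP {inner} is inside the IP Pool")
    return findings


# Constructed sample plans (not taken from the manual).
PLANS = {
    "ok": ("192.168.50.0/24", "192.168.50.1",
           "192.168.50.10", "192.168.50.100"),
    "inner-in-pool": ("192.168.50.0/24", "192.168.50.20",
                      "192.168.50.10", "192.168.50.100"),
    "pool-straddles": ("10.8.0.0/24", "10.8.0.1", "10.8.0.200", "10.8.1.20"),
}

if __name__ == "__main__":
    for name, plan in PLANS.items():
        print(name, check_sslvpn_addressing(*plan) or "no findings")
```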