D-Link DSR-150N DSR-150 User Manual - Page 131

SSL VPN



Chapter 7. SSL VPN

The router provides an intrinsic SSL VPN feature as an alternative to the standard IPsec VPN. SSL VPN differs from IPsec VPN mainly by removing the requirement of a pre-installed VPN client on the remote host. Instead, users can securely log in through the SSL User Portal using a standard web browser and receive access to configured network resources within the corporate LAN. The router supports multiple concurrent sessions to allow remote users to access the LAN over an encrypted link through a customizable user portal interface, and each SSL VPN user can be assigned unique privileges and network resource access levels.

The remote user can be provided different options for SSL service through this router:

• VPN Tunnel: The remote user’s SSL-enabled browser is used in place of a VPN client on the remote host to establish a secure VPN tunnel. An SSL VPN client (ActiveX or Java based) is installed in the remote host to allow the client to join the corporate LAN with pre-configured access/policy privileges. At this point a virtual network interface is created on the user’s host, and this will be assigned an IP address and DNS server address from the router. Once established, the host machine can access allocated network resources.

• Port Forwarding: As with the VPN tunnel, a web-based (ActiveX or Java) client is installed on the client machine. Note that the Port Forwarding service only supports TCP connections between the remote user and the router. The router administrator can define specific services or applications that are available to remote port forwarding users, instead of the full LAN access that the VPN tunnel provides.

ActiveX clients are used when the remote user accesses the portal using the Internet Explorer browser. The Java client is used for other browsers like Mozilla Firefox, Netscape Navigator, Google Chrome, and Apple Safari.