D-Link DSR-500 User Manual - Page 91
SSL VPN - d link port forwarding
View all D-Link DSR-500 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 91 highlights
Chapter 7. SSL VPN The router provides an intrinsic SSL VPN feature as an alternate to the standard IPSec VPN. SSL VPN differs from IPSec VPN mainly by removing the requirement of a preinstalled VPN client on the remote host. Instead, users can securely login through the SSL User Portal using a standard web browser and receive access to configured network resources within the corporate LAN. The router supports multiple concurrent sessions to allow remote users to access the LAN over an encrypted link through a customizable user portal interface, and each SSL VPN user can be assigned unique privileges and network resource access levels. The remote user can be provided different options for SSL service through this router: • VPN Tunnel: The remote user's SSL enabled browser is used in place of a VPN client on the remote host to establish a secure VPN tunnel. A SSL VPN client (Active-X or Java based) is installed in the remote host to allow the client to join the corporate LAN with pre-configured access/policy privileges. At this point a virtual network interface is created on the user's host and this will be assigned an IP address and DNS server address from the router. Once established, the host machine can access allocated network resources. • Port Forwarding: A web-based (ActiveX or Java) client is installed on the client machine again. Note that Port Forwarding service only supports TCP connections between the remote user and the router. The router administrator can define specific services or applications that are available to remote port forwarding users instead of access to the full LAN like the VPN tunnel. ActiveX clients are used when the remote user accesses the portal using the Internet Explorer browser. The Java client is used for other browsers like Mozilla Firefox, Netscape Navigator, Google Chrome, and Apple Safari. 7.1 Users, Groups, and Domains Advanced > Users > Users Authentication of the users (IPSec, SSL VPN, or GUI) is done by the router using either a local database on the router or external authentication servers (i.e. LDAP or RADIUS). The remote user must specify the user, group and domain when logging in to the router. One or more users are members of a Group. One or more Groups belong to an authentication Domain.