D-Link DWC-1000 User Manual - Page 243

SSL VPN



Chapter 9. SSL VPN

The following feature is available upon licensed activation of VPN / Firewall features for the system.

The controller provides an intrinsic SSL VPN feature as an alternative to the standard IPsec VPN. SSL VPN differs from IPsec VPN mainly by removing the requirement of a pre-installed VPN client on the remote host. Instead, users can securely log in through the SSL User Portal using a standard web browser and receive access to configured network resources within the corporate LAN. The controller supports multiple concurrent sessions to allow remote users to access the LAN over an encrypted link through a customizable user portal interface, and each SSL VPN user can be assigned unique privileges and network resource access levels.

The remote user can be provided different options for SSL service through this controller:

VPN Tunnel: The remote user's SSL-enabled browser is used in place of a VPN client on the remote host to establish a secure VPN tunnel. An SSL VPN client (ActiveX or Java based) is installed on the remote host to allow the client to join the corporate LAN with pre-configured access/policy privileges. At this point a virtual network interface is created on the user's host and is assigned an IP address and DNS server address from the controller. Once the tunnel is established, the host machine can access allocated network resources.

Port Forwarding: As with the VPN tunnel, a web-based (ActiveX or Java) client is installed on the client machine. Note that the Port Forwarding service only supports TCP connections between the remote user and the controller. The controller administrator can define specific services or applications that are available to remote port forwarding users, instead of giving them access to the full LAN as the VPN tunnel does.

ActiveX clients are used when the remote user accesses the portal using the Internet Explorer browser. The Java client is used for other browsers like Mozilla Firefox, Netscape Navigator, Google Chrome, and Apple Safari.