Chapter 20 Web VPN/ SSL VPN

Since the Internet is in widespread use these days, the demand for secure remote connections is increasing. To meet this demand, using SSL VPN is the best solution. Using SSL VPN and just a standard browser, clients can transfer data securely by utilizing its SSL security protocol, eliminating the need to install any software or hardware.
VPN Terminology:

DES: DES, an acronym for Data Encryption Standard, is a cipher that was selected by NIST (National Institute of Standards and Technology) and uses a 56-bit key for encryption.

3DES: 3DES, an acronym for Triple Data Encryption Standard, provides significantly enhanced security by executing the core DES algorithm three times in a row. It uses a 168-bit key size and is more difficult to break than DES.

AES: AES, an acronym for Advanced Encryption Standard, is more difficult to break than DES. The DES encryption key is 56 bits long; by contrast, AES keys can be 128, 192 or 256 bits long.

Setting Terminology:

VPN Client IP: Account authentication, allocated IP address, RSA algorithm, communication protocol, ports and connection time can be set for connecting client users with the NUS-MS3000 device. The SSL VPN IP address range cannot overlap with the addresses of any of the following internal network segments or servers: LAN, DMZ and PPTP server.

Internal Subnet of Server: Sets the subnet of the server that can be accessed by the client user.
Status

Terminology and symbol meanings used in the window:

User Name: Shows the user name of the client user.

Real IP: Shows the real IP of the client user.

VPN IP: Shows the client IP addresses allocated by the NUS-MS3000.

Uptime: Shows the connection duration between the client and the NUS-MS3000.

Configuration change: To stop the connection between the NUS-MS3000 and SSL VPN. (Figure 20-1)

Figure 20-1 Status Window Headings
Configuring Web/ SSL VPN Connection settings for External Clients

Step 1. Click Interface > WAN, activate the HTTPS function. (Figure 20-2)

Figure 20-2 WAN Interface

Step 2. Click Policy Object > Authentication > User, add the following entries: (Figure 20-3)

Figure 20-3 User Entries

Step 3. Click Policy Object > Authentication > User Group, add the following entries: (Figure 20-4)

Figure 20-4 User Group Entries
Step 4. Click Web VPN/ SSL VPN > Setting.

Click Modify.
Check the Enable Web VPN checkbox. (Figure 20-5)

Figure 20-5 Enable Web VPN settings

Enter 192.168.222.0/ 255.255.255.0 in the VPN IP Range field.
From the Encryption Algorithm drop-down list, choose 3DES.
From the Protocol drop-down list, choose TCP.
Enter 1194 in the Server Port field.
From the Authentication User or Group drop-down list, choose Laboratory.
Enter 0 in the Auto-Disconnect if idle field.
Click OK.
A new Internal Subnet of Server appears that shows the internal subnet that the client is permitted to access. (Figure 20-6)
Figure 20-6 A new Web VPN interface is created
Step 5. Configure the setting from a browser:

Enter http://61.11.11.11/sslvpn or http://61.11.11.11/webvpn in the URL field (the NUS-MS3000 interface address plus sslvpn or webvpn).
Press Enter. (Figure 20-7)

Figure 20-7 Login SSL VPN Screen
Click Yes in the Security Alert window. (Figure 20-8)

Figure 20-8 Security Alert Window

Click Yes in the Warning-Security window. (Figure 20-9)

Figure 20-9 Warning-Security Window
Click Yes in the Warning-HTTPS window. (Figure 20-10)

Figure 20-10 Warning-HTTPS Window

Click Yes in the Warning-Security window once again. (Figure 20-11)

Figure 20-11 Warning-Security Window
In the Authentication window, enter josh in the User Name field.
Enter 123456789 in the Password field.
Click OK. (Figure 20-12)

Figure 20-12 Authentication Window

Installation in progress. (Figure 20-13)

Figure 20-13 SSL VPN Software Installation in Progress
Connection success. (Figure 20-14)

Figure 20-14 Connection Complete
Step 6. To see the following connection information, click Web VPN/ SSL VPN > Status. (Figure 20-15)

Figure 20-15 SSL VPN Connection
If the client user's PC doesn't have the SUN JAVA Runtime Environment software installed, it will automatically be downloaded and installed during the SSL VPN connection login phase. (Figure 20-16, 20-17)

Figure 20-16 Java Runtime Environment Plug-in CA Installer Screen

Figure 20-17 Installing Java Runtime Environment Plug-in
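The rule under Setting Terminology that the SSL VPN IP range must not overlap the LAN, DMZ or PPTP server addresses can be checked before the value from Step 4 is entered. The following is an added example, not part of the NUS-MS3000 manual or firmware; the LAN, DMZ and PPTP server ranges in it are constructed sample values and the function names are hypothetical.

```python
import ipaddress

def parse_range(text):
    """Parse 'address/netmask' (or CIDR) text as typed into a range field."""
    addr, sep, mask = text.partition("/")
    if not sep:
        raise ValueError(f"no netmask given in {text!r}")
    # strict=True raises ValueError when the address has host bits set,
    # e.g. 192.168.222.5/255.255.255.0, which names a host, not a range.
    return ipaddress.ip_network(f"{addr.strip()}/{mask.strip()}", strict=True)

def find_overlaps(vpn_range, segments):
    """Return the names of segments that share any address with vpn_range."""
    vpn = parse_range(vpn_range)
    return [name for name, text in segments.items()
            if vpn.overlaps(parse_range(text))]

# VPN IP Range exactly as entered in Step 4 (space after the slash included).
VPN_RANGE = "192.168.222.0/ 255.255.255.0"

# Constructed sample segments; the page does not list the device's real ones.
SEPARATE = {
    "LAN": "192.168.1.0/255.255.255.0",
    "DMZ": "192.168.3.0/255.255.255.0",
    "PPTP server": "192.168.10.0/255.255.255.0",
}
# Constructed conflict cases: a wide LAN mask that swallows the VPN range,
# and a PPTP range that sits inside it. Neither is obvious from the
# third octet alone.
CONFLICTING = {
    "LAN": "192.168.0.0/255.255.0.0",
    "DMZ": "172.16.1.0/255.255.255.0",
    "PPTP server": "192.168.222.128/255.255.255.192",
}

if __name__ == "__main__":
    for label, segs in (("separate", SEPARATE), ("conflicting", CONFLICTING)):
        hits = find_overlaps(VPN_RANGE, segs)
        print(f"{label}: {'overlaps ' + ', '.join(hits) if hits else 'no overlap'}")
```
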