R3721-F3210-F3171-HP High-End Firewalls VPN Configuration Guide-6PW101
333
[Firewall-pki-domain-sslvpn] certificate request entity en
[Firewall-pki-domain-sslvpn] quit
# Generate the local RSA key pair.
[Firewall] public-key local create rsa
# Retrieve the CA certificate.
[Firewall] pki retrieval-certificate ca domain sslvpn
# Apply for a certificate for the Firewall.
[Firewall] pki request-certificate domain sslvpn
2. Configure an SSL server policy for the SSL VPN service.
# Configure an SSL server policy named myssl, and specify the policy to use PKI domain sslvpn.
[Firewall] ssl server-policy myssl
[Firewall-ssl-server-policy-myssl] pki-domain sslvpn
[Firewall-ssl-server-policy-myssl] quit
3. Configure SSL VPN.
# Specify the SSL server policy myssl and port 443 (default) for the SSL VPN service.
[Firewall] ssl-vpn server-policy myssl
# Enable the SSL VPN service.
[Firewall] ssl-vpn enable
4. Verify the configuration.
On the user host, launch the IE browser and input https://10.1.1.1/svpn in the address bar. You
can open the web login interface of the SSL VPN gateway.
NOTE:
• For more information about PKI configuration commands, see
VPN Command Reference
.
• For more information about SSL configuration commands, see
Network Management Command
Reference
.
Web configuration required to implement SSL VPN
SSL VPN gateway configuration task list
Task Remarks
Configuring the SSL VPN service
Required.
Enable SSL VPN, and configure the port number for the SSL VPN
service and the PKI domain to be used.
Configuring web proxy server resources
Configure at least one type of resources.
By default, no resources are configured.
Configuring TCP application resources
Configuring IP network resources
Configuring a resource group
Required.
Configure a resource group and add resources to the resource
group.
By default, resource groups named autohome and autostart exist.