R3303-HP 6600/HSR6600 Routers Security Configuration Guide

ManualsBrandsHP ManualsNetwork HardwareHP HSR6602-XG Router

viii

Displaying and maintaining SSH ······························································································································· 332

Stelnet configuration examples ··································································································································· 332

Password authentication enabled Stelnet server configuration example ······················································ 332

Publickey authentication enabled Stelnet server configuration example ······················································· 334

Password authentication enabled Stelnet client configuration example ························································ 339

Publickey authentication enabled Stelnet client configuration example ························································ 342

SFTP configuration examples ······································································································································ 344

Password authentication enabled SFTP server configuration example ·························································· 344

Publickey authentication enabled SFTP client configuration example ··························································· 346

SCP file transfer with password authentication ········································································································· 349

Network requirements ········································································································································· 350

Configuration procedure ···································································································································· 350

Configuring SSL ······················································································································································· 352

Overview ······································································································································································· 352

SSL security mechanism ······································································································································ 352

SSL protocol stack ··············································································································································· 353

FIPS compliance ··························································································································································· 353

Configuration task list ·················································································································································· 353

Configuring an SSL server policy ······························································································································· 353

Configuring an SSL client policy ································································································································ 355

Displaying and maintaining SSL ································································································································· 356

Troubleshooting SSL ····················································································································································· 356

SSL handshake failure ········································································································································· 356

Configuring SSL VPN ·············································································································································· 358

Advantages of SSL VPN ·············································································································································· 359

Configuring SSL VPN at the CLI ································································································································· 359

SSL VPN configuration example at the CLI ··············································································································· 360

Configuring SSL VPN in the Web interface ·············································································································· 362

Recommended configuration procedure ··········································································································· 362

Configuring PKI ··················································································································································· 363

Configuring the SSL VPN service ······················································································································· 374

Configuring Web proxy server resources········································································································· 375

Configuring TCP application resources ············································································································ 378

Configuring IP network resources ······················································································································ 384

Configuring a resource group ··························································································································· 390

Configuring local users ······································································································································· 391

Configuring a user group ··································································································································· 394

Viewing user information ···································································································································· 396

Performing basic configurations for the SSL VPN domain ·············································································· 397

Configuring authentication policies ··················································································································· 400

Configuring a security policy ····························································································································· 411

Customizing the SSL VPN user interface ··········································································································· 414

User access to SSL VPN ·············································································································································· 418

Logging in to the SSL VPN service interface ····································································································· 419

Accessing SSL VPN resources ···························································································································· 420

Getting help information ····································································································································· 421

Changing the login password ···························································································································· 422

SSL VPN configuration example in the Web interface ···························································································· 422

Configuration prerequisites ································································································································ 423

Verifying the configuration ································································································································· 436