R3102-R3103-HP 6600/HSR6600 Routers Security Configuration Guide
# Specify the SSL server policy myssl and port 443 (default) for the SSL VPN service.
[Router] ssl-vpn server-policy myssl
# Enable the SSL VPN service.
[Router] ssl-vpn enable
4. Verify the configuration.
On the user host, launch the IE browser and enter https://10.1.1.1/svpn in the address bar. The
Web login interface of the SSL VPN gateway opens.
For more information about PKI configuration commands, SSL configuration commands, and the
public-key local create rsa command, see Security Command Reference.
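The binding configured above can also be checked offline against a saved configuration. The following is an added example, not part of the HP guide. It assumes that the saved configuration lists commands as typed, and that the SSL server policy is defined earlier with ssl server-policy and an indented pki-domain line. The sample configurations, the PKI domain name sslvpn and the policy name other are constructed.

```python
import re

# Constructed sample configurations (not taken from the guide); the PKI
# domain name "sslvpn" and the policy name "other" are made-up values.
SAMPLE_OK = """\
ssl server-policy myssl
 pki-domain sslvpn
#
ssl-vpn server-policy myssl
ssl-vpn enable
"""
SAMPLE_BAD = """\
ssl server-policy other
 pki-domain sslvpn
#
ssl-vpn server-policy myssl
ssl-vpn enable
"""

def audit_ssl_vpn(config):
    """Return a list of findings; an empty list means every check passed."""
    policies = {}    # SSL server policy name -> PKI domain, or None if unset
    current = None   # policy view the parser is currently inside
    bound = None     # policy named by "ssl-vpn server-policy"
    enabled = False
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"ssl server-policy (\S+)", line):
            current = m.group(1)
            policies[current] = None
        elif current and raw[:1].isspace():
            if m := re.fullmatch(r"pki-domain (\S+)", line):
                policies[current] = m.group(1)
        else:
            current = None
            if m := re.match(r"ssl-vpn server-policy (\S+)", line):
                bound = m.group(1)
            elif line == "ssl-vpn enable":
                enabled = True
    findings = []
    if not enabled:
        findings.append("SSL VPN service is not enabled")
    if bound is None:
        findings.append("no SSL server policy is specified for SSL VPN")
    elif bound not in policies:
        findings.append(f"SSL server policy {bound!r} is not defined")
    elif policies[bound] is None:
        findings.append(f"SSL server policy {bound!r} has no PKI domain")
    return findings
```

An empty result for a device's saved configuration means the SSL VPN service is enabled and bound to a defined SSL server policy that has a PKI domain.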
Configuring SSL VPN in the Web interface
You must first create a local user at the CLI of the router, and configure the service type as Web and the
user privilege level as 3 for that user. You can then log in to the Web interface of the router as that user
to configure SSL VPN. For more information about local user configuration, see "Configuring AAA."
Recommended configuration procedure
Step | Remarks
1. Configuring PKI | Required. Configure a PKI domain and request certificates.
2. Configuring the SSL VPN service | Required. Enable SSL VPN, and configure the port number for the SSL VPN service and the PKI domain to be used.
3. Configure the resources for users to access: Configuring Web proxy server resources; Configuring TCP application resources; Configuring IP network resources | Configure at least one type of resources. By default, no resources are configured.
4. Configuring a resource group | Required. Configure a resource group and add resources to the resource group. By default, resource groups named autohome and autostart exist.
5. Configuring local users | Required. Configure local SSL VPN users—users that need to pass local authentication to log in to the SSL VPN system. By default, a local user named guest (without a password) exists, in denied state.










