Manualshelf

R3102-R3103-HP 6600/HSR6600 Routers Security Configuration Guide

ManualsBrandsHP ManualsNetwork HardwareHP HSR6602-XG TAA-compliant Router
431432433434435436437438439440
420
Specify the default authentication method as RADIUS for the SSL VPN domain and enable
verification code authentication.
Figure 197 Network diagram
Configuration prerequisites
The SSL VPN gateway, the CA, and the hosts used by remote users can reach each other.
The CA is enabled with the CA service and can issue certificates to the SSL VPN gateway and the
hosts.
The RADIUS server is properly configured to provide normal authentication function for users. In this
example, you need to configure the shared key as expert, configure the user account and user
group information, and add users to user group user_gr2.
Configuration procedure
Configuring the SSL VPN service
1. Configure a PKI entity named en:
a. Select Certificate Management > Entity from the navigation tree.
b. Click Add to enter the PKI configuration page, as shown in Figure 198.
c. Enter the PKI
entity name en.
d. Enter common name http-server for the entity.
e. Click Apply.
Router
SSL VPN gateway
Host
Remote user
Internal servers
CA
Internet
10.2.1.1/24
10.1.1.1/24