R3303-HP 6600/HSR6600 Routers Security Configuration Guide
358
Configuring SSL VPN
This feature is supported only on the 6602 router.
Overview
SSL VPN is a VPN technology based on Secure Sockets Layer (SSL). It works between the transport layer
and the application layer. Using the certificate-based identity authentication, data encryption, and
integrity verification mechanisms that the SSL protocol provides, SSL VPN can establish secure
connections for communications at the application layer.
SSL VPN has been widely used for secure, remote Web-based access. For example, it can allow remote
users to access the corporate network securely. Figure 123 shows a typical SSL VPN network. On the SSL
VPN gateway, the network administrator creates resources corresponding to the servers in the internal
network. To access an internal server, a remote user first establishes a Hypertext Transfer Protocol
Secure (HTTPS) connection with the SSL VPN gateway and selects the resources to be accessed. The
SSL VPN gateway then forwards the resource access request to the internal server. In a network with
SSL VPN deployed, the SSL VPN gateway establishes an SSL connection with a remote user and
authenticates the user before allowing the user to access an internal server, so the internal
servers are well protected.
Figure 123 Network diagram for SSL VPN configuration
SSL VPN operates as follows:
1. The administrator logs in to the Web interface of the SSL VPN gateway, and then creates resources
corresponding to the internal servers.
2. The remote user establishes an HTTPS connection with the SSL VPN gateway. The SSL VPN
gateway and the remote user authenticate each other using the certificate-based authentication
function provided by SSL.
3. After the HTTPS connection is established, the user can try to log in to the Web interface of the SSL
VPN gateway by entering the username, password, and authentication method (RADIUS
authentication, for example). The SSL VPN gateway will verify the user information.
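The three steps above, modelled as an added Python example (this is not code from the guide or from the HP SSL VPN implementation); the resource table, the internal addresses and the RADIUS verifier are constructed assumptions:

```python
import ssl
from dataclasses import dataclass
from typing import Optional

# Constructed resource table: what the administrator publishes on the gateway
# in step 1. Names and internal addresses are made up for this example.
RESOURCES = {
    "intranet-web": ("10.0.1.10", 80),
    "mail": ("10.0.1.20", 443),
}


def gateway_tls_context(ca_file: Optional[str] = None) -> ssl.SSLContext:
    """TLS settings for the gateway's HTTPS listener (step 2). The gateway
    would also load its own certificate with load_cert_chain (omitted here
    because it needs key files); the remote user must present a certificate
    signed by a trusted CA, i.e. mutual certificate-based authentication."""
    ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if ca_file:
        ctx.load_verify_locations(cafile=ca_file)
    ctx.verify_mode = ssl.CERT_REQUIRED  # no client certificate, no session
    return ctx


@dataclass
class Session:
    cert_verified: bool            # outcome of the SSL handshake (step 2)
    user: Optional[str] = None     # set once the login form succeeds (step 3)


def login(session: Session, username: str, password: str, method: str, verifiers) -> bool:
    """Step 3: the gateway hands the credentials to the selected authentication
    method (e.g. a RADIUS verifier, assumed here) and records the user on success."""
    verifier = verifiers.get(method)
    if session.cert_verified and verifier and verifier(username, password):
        session.user = username
        return True
    return False


def forward_target(session: Session, resource: str):
    """Return the internal (host, port) the gateway may forward to, or None.
    Only authenticated users reach internal servers, and only servers the
    administrator published as resources are reachable at all; a raw internal
    address that is not a published resource is refused."""
    if not (session.cert_verified and session.user):
        return None
    return RESOURCES.get(resource)
```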
[Figure 123 diagram: Remote user, Internet, SSL VPN gateway, Internal servers, Administrator]