R2511-HP MSR Router Series Web-Based Configuration Guide(V5)
viii
Configuring RADIUS authentication ···················································································································· 66
Configuring LDAP authentication ························································································································· 67
Configuring AD authentication ···························································································································· 69
Configuring combined authentication ················································································································· 70
Configuring a security policy ········································································································································ 71
Customizing the SSL VPN user interface ····················································································································· 75
Customizing the SSL VPN interface partially ······································································································ 75
Customizing the SSL VPN interface fully ············································································································· 77
User access to SSL VPN ············································································································································· 78
Logging in to the SSL VPN service interface ··············································································································· 78
Accessing SSL VPN resources ······································································································································· 79
Getting help information ··············································································································································· 80
Changing the login password ······································································································································ 80
SSL VPN configuration example ······························································································································· 82
Network requirements ··················································································································································· 82
Configuration prerequisites ··········································································································································· 82
Configuration procedure ··············································································································································· 83
Configuring the SSL VPN service ························································································································· 83
Configuring SSL VPN resources ··························································································································· 86
Configuring SSL VPN users ·································································································································· 91
Configuring an SSL VPN domain ························································································································ 94
Verifying the configuration ············································································································································ 96
Managing certificates ················································································································································ 99
Overview ········································································································································································· 99
Recommended configuration procedure······················································································································ 99
Recommended configuration procedure for manual request ·········································································· 100
Recommended configuration procedure for automatic request ······································································ 101
Creating a PKI entity ···················································································································································· 102
Creating a PKI domain ················································································································································ 103
Generating an RSA key pair······································································································································· 106
Destroying the RSA key pair ······································································································································· 107
Retrieving and displaying a certificate ······················································································································ 107
Requesting a local certificate ······································································································································ 109
Retrieving and displaying a CRL ································································································································ 110
PKI configuration examples ········································································································································· 110
Certificate request from a Windows 2003 CA server ···················································································· 110
Certificate request from an RSA Keon CA server ···························································································· 114
IKE negotiation with RSA digital signature ······································································································· 118
Configuration guidelines ············································································································································· 124
Managing the system ·············································································································································· 125
Configuring Web management·································································································································· 125
Managing the configuration ······································································································································· 125
Saving the configuration ····································································································································· 125
Restoring factory defaults ··································································································································· 126
Backing up configuration ··································································································································· 126
Restoring configuration ······································································································································· 127
Backing up and restoring device files through the USB port ·········································································· 128
Rebooting the device ··················································································································································· 129
Managing services ······················································································································································· 130
Managing users ··························································································································································· 132
Creating a user ···················································································································································· 132
Setting the super password ································································································································ 133