HP VPN Firewall Appliances VPN Configuration Guide

How SSL VPN works
SSL VPN works as follows:
1. The administrator logs in to the Web interface of the SSL VPN gateway, and then creates resources
to represent resources on the internal servers.
2. A remote user establishes an HTTPS connection to the SSL VPN gateway. The SSL VPN gateway
and the remote user authenticate each other by using the certificate-based authentication function
provided by SSL.
3. After the HTTPS connection is established, the user can try to log in to the Web interface of the SSL
VPN gateway by entering the username and password and selecting the authentication method
(for example, RADIUS authentication). The SSL VPN gateway will verify the user information.
4. After logging in to the Web interface, the user finds the resources of interest on the Web interface.
The user client then sends an access request to the SSL VPN gateway through an SSL connection.
5. The SSL VPN gateway resolves the request, interacts with the corresponding server, and then
forwards the server's reply to the user.
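The following Python sketch is an added example, not code from the guide or from the appliance. It models steps 1 and 3 through 5 to show the gateway as the single enforcement point: it relays a request only for a logged-in session and only to a resource the administrator has created. The class, method names, addresses, and credentials are hypothetical; the SSL handshake of step 2 is omitted, and the password comparison stands in for whichever authentication method is selected.

```python
import hmac
import secrets

AUTH_METHODS = {"local", "radius", "ldap", "ad"}  # the four methods the guide lists

class Gateway:
    """Toy model of the SSL VPN gateway; all names here are hypothetical."""
    def __init__(self, users, backends):
        self.users = users        # {(method, username): password}, constructed sample data
        self.backends = backends  # {internal address: callable standing in for a server}
        self.resources = {}       # resource name -> internal address (step 1)
        self.sessions = {}        # session token -> username

    def create_resource(self, name, internal_addr):
        # Step 1: the administrator creates a resource that represents an internal server.
        self.resources[name] = internal_addr

    def login(self, username, password, method):
        # Step 3: verify the user with the selected authentication method.
        if method not in AUTH_METHODS:
            return None
        expected = self.users.get((method, username))
        if expected is None or not hmac.compare_digest(expected.encode(), password.encode()):
            return None
        token = secrets.token_urlsafe(32)
        self.sessions[token] = username
        return token

    def request(self, token, resource, payload):
        # Steps 4-5: resolve the request, contact the server, relay its reply.
        if token not in self.sessions:
            return (401, "login required")
        addr = self.resources.get(resource)
        if addr is None:  # the administrator never created this resource
            return (403, "unknown resource")
        return (200, self.backends[addr](payload))

def demo():
    gw = Gateway(users={("radius", "alice"): "constructed-password"},
                 backends={"10.0.0.5:80": lambda p: "intranet reply to " + p,
                           "10.0.0.9:22": lambda p: "should never be reached"})
    gw.create_resource("intranet", "10.0.0.5:80")
    bad = gw.login("alice", "wrong", "radius")
    token = gw.login("alice", "constructed-password", "radius")
    return {"bad_login": bad,
            "no_session": gw.request("forged", "intranet", "GET /"),
            "published": gw.request(token, "intranet", "GET /"),
            "unpublished": gw.request(token, "10.0.0.9:22", "hello")}
```

Calling `demo()` shows that a valid session still cannot reach the second internal server, because no resource was created for it.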
Advantages of SSL VPN
SSL VPN provides these advantages:
• Support for various application protocols. SSL VPN can secure any application without needing to
  know its details. SSL VPN classifies the service resources provided by applications into three categories:
  ○ Web proxy server resources—Web-based access enables users to establish HTTPS connections
    to the SSL VPN gateway through a browser. Thus, users can access the Web proxy server
    resources of the servers.
  ○ TCP application resources—TCP-based access allows users to use their applications to access
    the open service ports of the server securely. Such resources include remote access services,
    desktop sharing services, email services, Notes mail services, and common application service
    resources.
  ○ IP network resources—IP-based access allows user hosts to communicate with servers at Layer
    3 securely. It allows all IP-based applications to communicate with the servers.
• Simple deployment. SSL is integrated into most browsers, such as IE. Almost every PC with a
  browser installed supports SSL. To access Web-based resources, a user only needs to launch a browser
  that supports SSL. When a user tries to access TCP-based or IP-based resources, the SSL VPN client
  software runs automatically, without requiring any manual intervention.
• Support for multiple authentication methods and reauthentication. In addition to the certificate
  authentication method provided by SSL, SSL VPN supports the following authentication methods:
  ○ Local authentication
  ○ RADIUS authentication
  ○ LDAP authentication
  ○ AD authentication
  SSL VPN also supports using one of the four authentication methods for client reauthentication. To
  implement client reauthentication, you must specify the same method for the first authentication
  and the second authentication.