HP VPN Firewall Appliances VPN Configuration Guide

[Firewall] public-key local create rsa
# Retrieve the CA certificate.
[Firewall] pki retrieval-certificate ca domain sslvpn
# Apply for a certificate for the firewall.
[Firewall] pki request-certificate domain sslvpn
2. Configure an SSL server policy for the SSL VPN service:
# Configure an SSL server policy named myssl, and specify the policy to use PKI domain sslvpn.
[Firewall] ssl server-policy myssl
[Firewall-ssl-server-policy-myssl] pki-domain sslvpn
[Firewall-ssl-server-policy-myssl] quit
3. Configure SSL VPN:
# Specify the SSL server policy myssl and port 443 (default) for the SSL VPN service.
[Firewall] ssl-vpn server-policy myssl
# Enable the SSL VPN service.
[Firewall] ssl-vpn enable
4. Verify the configuration.
On the user host, launch the IE browser and enter https://10.1.1.1/svpn in the address bar. The
Web login interface of the SSL VPN gateway opens.
For more information about PKI configuration commands, SSL configuration commands, and the
public-key local create rsa command, see Network Management Command Reference.
NOTE:
You can also use the factory default certificate.
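The CLI steps above form a chain: the key pair and certificates in PKI domain sslvpn, the SSL server policy myssl bound to that domain, the SSL VPN service using that policy, and the service enabled. The following Python check is an added example, not HP code. It assumes the commands were captured as a transcript with their prompts, and reporting a policy without a pki-domain is this example's choice, since the NOTE allows the factory default certificate.

```python
import re

# Constructed transcript: the CLI lines of this section in the order typed.
SAMPLE = """\
[Firewall] public-key local create rsa
[Firewall] pki retrieval-certificate ca domain sslvpn
[Firewall] pki request-certificate domain sslvpn
[Firewall] ssl server-policy myssl
[Firewall-ssl-server-policy-myssl] pki-domain sslvpn
[Firewall-ssl-server-policy-myssl] quit
[Firewall] ssl-vpn server-policy myssl
[Firewall] ssl-vpn enable
"""
PROMPT = re.compile(r"^\[(?P<view>[^\]]+)\]\s*(?P<cmd>.*)$")

def audit(transcript):
    """Return findings for the PKI -> SSL policy -> SSL VPN chain ([] = consistent)."""
    certs, policies, vpn_policy, enabled, keypair = set(), {}, None, False, False
    for raw in transcript.splitlines():
        m = PROMPT.match(raw.strip())
        if not m:
            continue  # "# ..." comment lines and blanks carry no command
        cmd = " ".join(m["cmd"].split())
        view = re.search(r"-ssl-server-policy-(.+)$", m["view"])
        if view and (d := re.fullmatch(r"pki-domain (\S+)", cmd)):
            policies[view[1]] = d[1]  # binding made inside the policy view
        elif cmd.startswith("public-key local create "):
            keypair = True
        elif d := re.fullmatch(r"pki (retrieval-certificate ca|request-certificate) domain (\S+)", cmd):
            certs.add((d[1], d[2]))  # (PKI action, domain)
        elif d := re.fullmatch(r"ssl server-policy (\S+)", cmd):
            policies.setdefault(d[1], None)  # policy exists, domain not bound yet
        elif d := re.fullmatch(r"ssl-vpn server-policy (\S+).*", cmd):
            vpn_policy = d[1]  # trailing arguments, if any, are ignored
        elif cmd == "ssl-vpn enable":
            enabled = True
    out = [] if enabled else ["SSL VPN service is not enabled"]
    if vpn_policy is None:
        out.append("no SSL server policy specified for SSL VPN")
    elif vpn_policy not in policies:
        out.append(f"SSL VPN uses undefined SSL server policy '{vpn_policy}'")
    elif (dom := policies[vpn_policy]) is None:
        out.append(f"SSL server policy '{vpn_policy}' has no pki-domain")
    else:
        steps = [(keypair, "no local RSA key pair created"),
                 (("retrieval-certificate ca", dom) in certs, f"CA certificate not retrieved for domain '{dom}'"),
                 (("request-certificate", dom) in certs, f"no certificate requested for domain '{dom}'")]
        out += [msg for ok, msg in steps if not ok]
    return out
```

An empty list from audit(SAMPLE) means every link in the chain is present; each missing link is reported by name.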
Configuring SSL VPN in the Web interface
In an SSL VPN, a user can establish up to 20 connections to access the resources in the VPN, including
IP network resources, TCP application resources, Web application resources, and the SSL VPN gateway
itself. However, a user can establish up to 10 connections to access TCP application resources.
Configuring SSL VPN gateway
Recommended configuration procedure
Step 1. Configuring the SSL VPN service
Remarks: Required. Enable SSL VPN, and configure the port number for the SSL VPN service and the PKI domain to be used.
Step 2. Configure the resources for users to access:
- Configuring Web proxy server resources
- Configuring TCP application resources
- Configuring IP network resources
Remarks: Configure at least one type of resources. By default, no resources are configured.