
Installing the SSL VPN Client – Amer Networks E5Web GUI User Manual


Note: Pool addresses must not exceed a /24 network size

SSL VPN will not function correctly if the pool of IP addresses handed out to clients exceeds
the size of a Class C subnet (a /24 network with netmask 255.255.255.0).

Primary DNS

The primary DNS address handed out to a connecting client.

Secondary DNS

The secondary DNS address handed out to a connecting client.

Client Routes

By default, all client traffic is routed through the SSL tunnel when the client software is
activated. This behavior can be changed by specifying that only specific IPv4 addresses,
networks or address ranges will be accessible through the tunnel.

When this is done, only the specified routes through the tunnel are added to the client's
routing table and all other traffic is routed as normal. A maximum of five custom routes can
be specified for a tunnel.
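
The limits described above (an address pool no larger than a /24 and at most five custom IPv4 client routes) can be checked before the values are entered in the Web GUI. The following Python sketch is an added example, not part of the manual or of cOS Core; the function names and sample addresses are constructed for illustration.

```python
import ipaddress

MAX_POOL_ADDRESSES = 256  # size of a /24 network, per the note on pool addresses
MAX_CUSTOM_ROUTES = 5     # per-tunnel limit on custom client routes

def parse_ipv4_span(text):
    """Return (first, last) for 'a.b.c.d', 'a.b.c.d/len' or 'a.b.c.d-e.f.g.h'."""
    text = text.strip()
    if "-" in text:
        lo, hi = (ipaddress.IPv4Address(p.strip()) for p in text.split("-", 1))
        if lo > hi:
            raise ValueError(f"range start is above range end: {text}")
        return lo, hi
    net = ipaddress.IPv4Network(text, strict=True)  # rejects host bits, e.g. 10.0.0.5/24
    return net.network_address, net.broadcast_address

def check_ssl_vpn_plan(pool, client_routes):
    """Return a list of problems; an empty list means the plan fits the limits."""
    problems = []
    try:
        lo, hi = parse_ipv4_span(pool)
        size = int(hi) - int(lo) + 1
        if size > MAX_POOL_ADDRESSES:
            problems.append(f"pool {pool} holds {size} addresses, more than a /24")
    except ValueError as exc:
        problems.append(f"pool {pool!r} is not a valid IPv4 span: {exc}")
    if len(client_routes) > MAX_CUSTOM_ROUTES:
        problems.append(f"{len(client_routes)} custom routes given, maximum is {MAX_CUSTOM_ROUTES}")
    for route in client_routes:
        try:
            parse_ipv4_span(route)
        except ValueError as exc:
            problems.append(f"route {route!r} is not a valid IPv4 span: {exc}")
    return problems

def tunnel_mode(client_routes):
    """With no custom routes the default applies: all client traffic uses the tunnel."""
    return "split tunnel" if client_routes else "full tunnel"

if __name__ == "__main__":
    # Constructed sample plan (hypothetical addresses, not from the manual).
    pool = "10.10.0.0/23"
    routes = ["172.16.1.0/24", "172.16.2.10-172.16.2.20", "2001:db8::/32"]
    print(tunnel_mode(routes))
    for problem in check_ssl_vpn_plan(pool, routes):
        print("PROBLEM:", problem)
```
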

Add Route Option

Proxy ARP

So that SSL VPN clients can be found by a network connected to another Ethernet interface,
client IP addresses need to be explicitly ARP published on that interface.

This Add Route option allows the interfaces for ARP publishing to be chosen. In most
situations it will be necessary to choose at least one interface on which to publish the client
network.

9.6.3. Installing the SSL VPN Client

For the SSL VPN to function, a proprietary Clavister SSL VPN client application must be installed
on the client computer. This is done with the following steps:

1. A web browser must be opened and the protocol https:// needs to be entered into the
browser navigation field followed by the IP address or URL for the Ethernet interface on the
security gateway that is configured for SSL VPN.

The IP address will be the same as the Server IP configured in the interface's SSL VPN object.
The port can also be specified after the IP address if it is different from the default value of
443.

With https, the security gateway will send a certificate to the browser that is not CA signed
and this must be accepted as an exception by the user before continuing.

2. cOS Core now displays a login dialog in the browser.

3. The credentials entered are checked against the user database. If the user is authenticated, a
web page is displayed which offers two choices:

i. Download the Clavister SSL VPN client software
