
SSL VPN Setup Example, Setting Up an SSL VPN Interface – Amer Networks E5 Web GUI User Manual

Page 643


Should the SSL VPN client application terminate prematurely for some reason, the Windows
routing table may not be left in a consistent state and the automatically added all-nets route may
not have been removed.

To remedy this problem, the Clavister SSL VPN client software should be started by selecting it in
the Windows Start menu and then stopped.
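A check for the leftover all-nets route described above, as an added example that is not part of the original manual or of the vendor's client software. It parses Windows `route print` output and assumes the client's all-nets route uses a gateway or interface address inside the tunnel range from this page's setup example (10.0.0.1 and 10.0.0.2-10.0.0.9); the function names and the sample output are constructed for illustration.

```python
import ipaddress

# Assumption: tunnel addresses follow this page's example (sslvpn_inner_ip
# 10.0.0.1, sslvpn_pool 10.0.0.2-10.0.0.9). Adjust for a real deployment.
TUNNEL_FIRST = ipaddress.IPv4Address("10.0.0.1")
TUNNEL_LAST = ipaddress.IPv4Address("10.0.0.9")

# Constructed sample of Windows "route print" output, not a real capture.
SAMPLE_ROUTE_PRINT = """\
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.50     25
          0.0.0.0          0.0.0.0         10.0.0.1        10.0.0.2      1
         10.0.0.0  255.255.255.240         On-link         10.0.0.2    257
===========================================================================
Persistent Routes:
  None
"""

def in_tunnel(text):
    """True if text is an IPv4 address inside the tunnel range."""
    try:
        return TUNNEL_FIRST <= ipaddress.IPv4Address(text) <= TUNNEL_LAST
    except ValueError:  # non-address values such as "On-link"
        return False

def parse_active_routes(output):
    """Return the rows of the IPv4 'Active Routes' table as dicts."""
    keys = ("dest", "mask", "gateway", "interface", "metric")
    routes, v4, active = [], False, False
    for line in output.splitlines():
        s = line.strip()
        fields = s.split()
        if s.startswith(("IPv4 Route Table", "IPv6 Route Table")):
            v4 = s.startswith("IPv4")      # ignore the IPv6 section
        elif s.startswith("Active Routes:"):
            active = v4
        elif s.startswith("Persistent Routes:"):
            active = False
        elif active and len(fields) == 5 and fields[4].isdigit():
            routes.append(dict(zip(keys, fields)))
    return routes

def leftover_all_nets_routes(output):
    """All-nets (0.0.0.0/0) routes that still point into the tunnel range."""
    return [r for r in parse_active_routes(output)
            if r["dest"] == "0.0.0.0" and r["mask"] == "0.0.0.0"
            and (in_tunnel(r["gateway"]) or in_tunnel(r["interface"]))]
```

Run it against `route print` output captured while the client is not connected; any route it returns is a candidate for the start-and-stop remedy described above.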

Manually Specifying the Client's Default Gateway

If the SSL VPN client's connection to the server is NATed, it is important that the client's route to
the default gateway is not added manually in a DOS console using the route add command.

If the default gateway has been added in this way, the SSL VPN link will be established and
function for a short time before it stops working and the client gives the following error
message: SSL stream closed unexpectedly. If the client console is then opened, it will show that
there was an error when reading from the SSL socket.

This problem is solved by not using the DOS console to manually add the default gateway route.
Instead, do this through the Windows control panel or allow the SSL VPN client software to add
the route automatically.

9.6.4. SSL VPN Setup Example

Example 9.16. Setting Up an SSL VPN Interface

This example shows how to set up a new SSL VPN interface called my_sslvpn_if.

Assume that the physical interface If2 will be used to listen to client connections and this will
have an external IP address already defined in the address book called sslvpn_server_ip.
Connections will be made using SSL VPN to a server located on the network connected to the
security gateway's If3 Ethernet interface.

Assume also that the IPv4 addresses that can be handed out to clients are defined in the address
book object sslvpn_pool. This might contain the simple address range 10.0.0.2-10.0.0.9.

Another address book IP object sslvpn_inner_ip might then be set as 10.0.0.1 and this is the inner
IP of the cOS Core end of the tunnel.

1. Create an SSL VPN Object

Command-Line Interface

Device:/> add Interface SSLVPNInterface my_sslvpn_if
            InnerIP=sslvpn_inner_ip
            IPAddressPool=sslvpn_pool
            OuterInterface=If2
            ServerIP=sslvpn_server_ip
            ProxyARPInterfaces=If3

Note: If multiple Proxy ARP interfaces are needed, they are specified as a comma-separated list.
For example: If3,If4,If5.

InControl

Follow the same steps used for the Web Interface below.

Web Interface

Chapter 9: VPN
