beautypg.com
viii
Performing basic configurations for the SSL VPN domain ························································································· 61
Configuring the domain policy ···························································································································· 61
Configuring the caching policy ··························································································································· 63
Configuring a bulletin ··········································································································································· 63
Configuring authentication policies ····························································································································· 64
Configuring local authentication ························································································································· 65
Configuring RADIUS authentication ···················································································································· 65
Configuring LDAP authentication ························································································································· 66
Configuring AD authentication ···························································································································· 68
Configuring combined authentication ················································································································· 69
Configuring a security policy ········································································································································ 70
Customizing the SSL VPN user interface ····················································································································· 74
Customizing the SSL VPN interface partially ······································································································ 75
Customizing the SSL VPN interface fully ············································································································· 77
User access to SSL VPN ············································································································································· 78
Logging in to the SSL VPN service interface ··············································································································· 78
Accessing SSL VPN resources ······································································································································· 79
Getting help information ··············································································································································· 80
Changing the login password ······································································································································ 81
SSL VPN configuration example ······························································································································· 82
Network requirements ··················································································································································· 82
Configuration prerequisites ··········································································································································· 82
Configuration procedure ··············································································································································· 83
Configuring the SSL VPN service ························································································································· 83
Configuring SSL VPN resources ··························································································································· 86
Configuring SSL VPN users ·································································································································· 91
Configuring an SSL VPN domain ························································································································ 94
Verifying the configuration ············································································································································ 96
Managing certificates ············································································································································· 100
Overview ······································································································································································· 100
Recommended configuration procedure···················································································································· 100
Recommended configuration procedure for manual request ·········································································· 101
Recommended configuration procedure for automatic request ······································································ 102
Creating a PKI entity ···················································································································································· 103
Creating a PKI domain ················································································································································ 104
Generating an RSA key pair······································································································································· 107
Destroying the RSA key pair ······································································································································· 108
Retrieving and displaying a certificate ······················································································································ 108
Requesting a local certificate ······································································································································ 110
Retrieving and displaying a CRL ································································································································ 111
PKI configuration examples ········································································································································· 111
Certificate request from a Windows 2003 CA server ···················································································· 111
Certificate request from an RSA Keon CA server ···························································································· 115
IKE negotiation with RSA digital signature ······································································································· 119
Configuration guidelines ············································································································································· 125
Managing the system ·············································································································································· 126
Configuring Web management·································································································································· 126
Managing the configuration ······································································································································· 126
Saving the configuration ····································································································································· 126
Restoring factory defaults ··································································································································· 127
Backing up configuration ··································································································································· 128
Restoring configuration ······································································································································· 128
