Ssl vpn overview, How ssl vpn works – H3C Technologies H3C MSR 50 User Manual
Page 419
34
SSL VPN overview
SSL VPN is a VPN technology based on SSL. It works between the transport layer and the application
layer. Using the certificate-based identity authentication, data encryption, and integrity verification
mechanisms that SSL provides, SSL VPN can establish secure connections for communications at the
application layer.
SSL VPN has been widely used for secure, remote Web-based access. For example, it can allow remote
users to access the corporate network securely.
shows a typical SSL VPN network. On the SSL
VPN gateway, you can create resources to represent the resources on the servers in the internal network.
To access an internal server, a remote user first needs to establish an HTTPS connection with the SSL VPN
gateway and then select the resources to be accessed. The SSL VPN gateway forwards the resource
access request to the internal server. In the SSL VPN deployed network, the SSL VPN gateway establishes
an SSL connection to a remote user. By authenticating the user before allowing the user to access an
internal server, it protects the internal servers.
Figure 402 Network diagram for SSL VPN configuration
How SSL VPN works
SSL VPN works in the following manner:
1.
The administrator logs in to the Web interface of the SSL VPN gateway, and then creates resources
to represent resources on the internal servers.
2.
A remote user establishes an HTTPS connection to the SSL VPN gateway. The SSL VPN gateway
and the remote user authenticate each other by using the certificate-based authentication function
provided by SSL.
3.
After establishing the HTTPS connection, the user can log in to the Web interface of the SSL VPN
gateway by entering the username and password and selecting the authentication method
(RADIUS authentication, for example). The SSL VPN gateway verifies the user information.
4.
After logging in to the Web interface, the user finds the resources of interest on the Web interface
and then the user client sends an access request to the SSL VPN gateway through an SSL
connection.