Ssl vpn overview, How ssl vpn operates – H3C Technologies H3C WX3000E Series Wireless Switches User Manual

Page 893

872

SSL VPN overview

SSL VPN is a VPN technology based on SSL. It works between the transport layer and the application

layer. Using the certificate-based identity authentication, data encryption, and integrity verification

mechanisms that SSL provides, SSL VPN can establish secure connections for communications at the
application layer.
SSL VPN has been widely used for secure, remote Web-based access. For example, it can allow remote

users to access the corporate network securely.

Figure 648

shows a typical SSL VPN network. On the SSL

VPN gateway, you can create resources to represent the resources on the servers in the internal network.

To access an internal server, a remote user first needs to establish an HTTPS connection with the SSL VPN
gateway and select the resources to be accessed. Then, the SSL VPN gateway forwards the resource

access request to the internal server. In the SSL VPN deployed network, the SSL VPN gateway will

establish an SSL connection to a remote user and then authenticate the user before allowing the user to

access an internal server, protecting the internal servers.

Figure 927 Network diagram for SSL VPN configuration

How SSL VPN operates

SSL VPN operates as follows:

The administrator logs in to the Web interface of the SSL VPN gateway, and then creates resources
to represent resources on the internal servers.

A remote user establishes an HTTPS connection to the SSL VPN gateway. The SSL VPN gateway
and the remote user authenticate each other by using the certificate-based authentication function

provided by SSL.

After the HTTPS connection is established, the user can try to log in to the Web interface of the SSL
VPN gateway by entering the username and password and selecting the authentication method

(for example, RADIUS authentication). The SSL VPN gateway will verify the user information.

After logging in to the Web interface, the user finds the resources of interest on the Web interface.
The user client then sends an access request to the SSL VPN gateway through an SSL connection.

Internet

SSL VPN gateway

Remote user

Internal servers

Administrator

This manual is related to the following products:

H3C WX5500E Series Access Controllers H3C WX3500E Series Access Controllers H3C WX2500E Series Access Controllers H3C WX6000 Series Access Controllers H3C WX5000 Series Access Controllers H3C LSUM3WCMD0 Access Controller Module H3C LSUM1WCME0 Access Controller Module H3C LSRM1WCM2A1 Access Controller Module