How SSL VPN works, SSL VPN advantages, Support for various application protocols – H3C Technologies H3C SecPath F1000-E User Manual
How SSL VPN works
SSL VPN works as follows:
1. The administrator logs in to the Web interface of the SSL VPN gateway, and then creates resources to represent resources on the internal servers.
2. A remote user establishes an HTTPS connection to the SSL VPN gateway. The SSL VPN gateway and the remote user authenticate each other by using the certificate-based authentication function provided by SSL.
3. After the HTTPS connection is established, the user can try to log in to the Web interface of the SSL VPN gateway by entering the username and password and selecting the authentication method (RADIUS authentication, for example). The SSL VPN gateway will verify the user information.
4. After logging in to the Web interface, the user finds the resources of interest on the Web interface and then the user client sends an access request to the SSL VPN gateway through an SSL connection.
5. The SSL VPN gateway resolves the request, interacts with the corresponding server, and then forwards the server’s reply to the user.
SSL VPN advantages
SSL VPN provides the following advantages:
Support for various application protocols
SSL VPN can secure any application without needing to know the details of that application. SSL VPN classifies the service resources provided by applications into three categories:
• Web proxy server resources—Web-based access enables users to establish HTTPS connections to the SSL VPN gateway through a browser and thereby access the Web proxy server resources of the servers.
• TCP application resources—TCP-based access allows users to use their applications to access the open service ports of the server securely. Such resources include remote access services, desktop sharing services, email services, Notes mail services, and common application service resources.
• IP network resources—IP-based access allows user hosts to communicate with servers at Layer 3 securely, supporting all IP-based applications to communicate with the servers.
Simple deployment
SSL has been integrated into most browsers, such as IE, so almost every PC with a browser installed supports SSL. To access web-based resources, users only need to launch a browser that supports SSL. When a user tries to access TCP-based or IP-based resources, the SSL VPN client software runs automatically, without requiring any manual intervention.
Support for multiple authentication methods
In addition to the certificate authentication method provided by SSL, SSL VPN also supports the following authentication methods, and any combination of two of them:
• Local authentication
• RADIUS authentication
• LDAP authentication
• AD authentication
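The five-step procedure under "How SSL VPN works" and the authentication options above can be modelled as follows. This is an added Python example, not H3C code: the class and function names, the stand-in authentication backends, and the sample account are constructed for illustration. It assumes that a combination of two methods requires both to accept the login, and that `peer_cert_verified` carries the outcome of the SSL certificate authentication in step 2.

```python
import hmac
import secrets
from dataclasses import dataclass, field

METHODS = {"local", "radius", "ldap", "ad"}  # methods listed on the page

class AccessDenied(Exception):
    pass

@dataclass
class Gateway:
    backends: dict   # method -> callable(username, password) -> bool (stand-ins)
    required: tuple  # one method, or a combination of two
    resources: dict = field(default_factory=dict)  # name -> callable(request)
    sessions: set = field(default_factory=set)

    def __post_init__(self):
        chosen = set(self.required)
        if not 1 <= len(chosen) <= 2 or not chosen <= METHODS & set(self.backends):
            raise ValueError("need one or two configured authentication methods")

    def create_resource(self, name, server):
        # Step 1: the administrator maps a name to an internal server.
        self.resources[name] = server

    def login(self, peer_cert_verified, username, password):
        # Step 2: refuse logins until SSL certificate authentication succeeded.
        if not peer_cert_verified:
            raise AccessDenied("certificate authentication failed")
        # Step 3 (assumption): in a combination, every method must accept.
        for method in self.required:
            if not self.backends[method](username, password):
                raise AccessDenied(f"{method} authentication failed")
        token = secrets.token_urlsafe(16)
        self.sessions.add(token)
        return token

    def access(self, token, name, request):
        # Step 4: resource requests are honoured only for logged-in sessions.
        if token not in self.sessions or name not in self.resources:
            raise AccessDenied("no session or unknown resource")
        # Step 5: the gateway contacts the server and relays its reply.
        return self.resources[name](request)

def build_demo_gateway():
    accounts = {"alice": "s3cret"}  # constructed sample account
    check = lambda u, p: hmac.compare_digest(accounts.get(u, ""), p)
    gw = Gateway(backends={"local": check, "radius": check},
                 required=("local", "radius"))
    gw.create_resource("intranet", lambda req: f"intranet reply to {req}")
    return gw
```

The model shows the ordering a reviewer should expect from the gateway: no resource request reaches an internal server unless certificate authentication and every configured login method have succeeded first.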