1. SSL VPN Overview
SSL VPN is a secure remote access technology, named after the SSL protocol it uses.
Because web browsers have built-in SSL support, an SSL VPN can be deployed "clientless", which makes secure remote access very simple for users and the whole system easier to maintain.
Blog link on the SSL protocol itself:
https://blog.csdn.net/csdn10086110/article/details/90742471
SSL VPN plug-in systems are generally used to support non-Web TCP and UDP applications, which is what makes an SSL VPN truly a VPN.
Compared with IPSec VPN it better matches application-level security requirements, and it has become the primary means and preferred choice for secure remote access.
SSL VPN technology advantages

| Area | Capability |
|---|---|
| Identity security | Supports up to eight authentication methods, which can be flexibly combined; password security policies |
| Endpoint security | Protection against man-in-the-middle attacks; client security checks; client leaves no trace (zero footprint) |
| Transport security | Standard encryption algorithms |
| Application permission security | Role-based authorization, URL-level authorization, account binding, masquerading of the primary server address, hiding of applications |
| Security audit | Independent log center, log grading, tiered administrator privileges |
2. SSL VPN Basic Configuration
2.1 Configuration interface
The red boxes in the screenshot (image not included here) mark the terms explained in the table below.

| Term | Meaning |
|---|---|
| SSL VPN users | Number of licensed concurrent SSL VPN users |
| IPSec mobile users | Number of licensed concurrent SANGFOR VPN mobile users (PDLAN) |
| Number of lines | Number of licensed external (WAN) lines |
| Number of branches | Number of standard IPSec VPN tunnels to third-party devices |
| Remote application users | Number of concurrent users of remote application publishing resources |
2.2 SSL VPN Basic Configuration
Configuration roadmap
1. Create a user (choose the authentication mode according to the application scenario; multiple authentication methods can be combined).
2. Publish resources (four resource types: WEB, TCP, L3VPN and remote application; choose the type according to the remote access requirement).
3. Create a role (the role associates users with resources; its effect is to define which resources a user has permission to access).
Test result: after logging in to the VPN, user Joe Smith can access the ERP system and has no permission to access any other resource.
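The three steps above (create user, publish resources, create role) and the expected test result can be modelled as a deny-by-default policy store. The following is an added example, not code from the original article or from the vendor's product; the class and method names (SslVpnPolicy, publish_resource, create_role, can_access) and the sample users, resource targets and authentication method names are constructed for illustration.

```python
# Added example: a minimal model of the user -> resource -> role workflow.
# Class/method names are hypothetical, not a vendor API. Resource types follow
# the article: WEB, TCP, L3VPN and APP (remote application publishing).
from dataclasses import dataclass, field

RESOURCE_TYPES = {"WEB", "TCP", "L3VPN", "APP"}


@dataclass(frozen=True)
class Resource:
    name: str
    rtype: str    # one of RESOURCE_TYPES
    target: str   # URL, host:port or network prefix (constructed sample values)


@dataclass
class Role:
    name: str
    users: set = field(default_factory=set)
    resources: set = field(default_factory=set)


class SslVpnPolicy:
    """Deny-by-default store: a user reaches a resource only through a role."""

    def __init__(self):
        self.users = {}       # user name -> tuple of authentication methods
        self.resources = {}   # resource name -> Resource
        self.roles = {}       # role name -> Role

    def create_user(self, name, auth_methods):
        # Step 1: a user must have at least one authentication method;
        # several may be combined (e.g. password plus a second factor).
        if not auth_methods:
            raise ValueError("a user needs at least one authentication method")
        self.users[name] = tuple(auth_methods)

    def publish_resource(self, name, rtype, target):
        # Step 2: only the four published resource types are accepted.
        if rtype not in RESOURCE_TYPES:
            raise ValueError(f"unknown resource type {rtype!r}")
        self.resources[name] = Resource(name, rtype, target)

    def create_role(self, name, users, resources):
        # Step 3: a role may only bind users and resources that already exist,
        # so a typo cannot silently create an empty or dangling binding.
        missing = [u for u in users if u not in self.users]
        missing += [r for r in resources if r not in self.resources]
        if missing:
            raise KeyError(f"role {name!r} references undefined objects: {missing}")
        self.roles[name] = Role(name, set(users), set(resources))

    def authorized_resources(self, user):
        # Union of the resources of every role the user belongs to.
        return {r for role in self.roles.values() if user in role.users
                for r in role.resources}

    def can_access(self, user, resource):
        # Unknown users and unpublished resources are denied before roles are consulted.
        if user not in self.users or resource not in self.resources:
            return False
        return resource in self.authorized_resources(user)


def build_demo_policy():
    """Reproduce the article's test scenario with constructed sample data."""
    p = SslVpnPolicy()
    p.create_user("Joe Smith", ("password", "sms_code"))
    p.create_user("Jane Roe", ("certificate",))
    p.publish_resource("ERP", "WEB", "https://erp.example.internal/")
    p.publish_resource("FileServer", "TCP", "10.0.0.20:445")
    p.publish_resource("Intranet", "L3VPN", "10.0.0.0/16")
    p.create_role("erp-users", users={"Joe Smith"}, resources={"ERP"})
    p.create_role("it-admins", users={"Jane Roe"}, resources={"FileServer", "Intranet"})
    return p


if __name__ == "__main__":
    policy = build_demo_policy()
    checks = [("Joe Smith", "ERP"), ("Joe Smith", "FileServer"),
              ("Joe Smith", "Intranet"), ("Jane Roe", "Intranet")]
    for user, res in checks:
        verdict = "allow" if policy.can_access(user, res) else "deny"
        print(f"{user} -> {res}: {verdict}")
```

Running the block prints allow for Joe Smith on ERP and deny on FileServer and Intranet, which is exactly the test result stated above: the role, not the user account, is what grants access, and anything not bound by a role is denied.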
3. SSL VPN networking solutions
3.1 Gateway mode
(1) Single-line gateway
User requirements
The SSL VPN device is used as the network's internet gateway, so that computers on the internal network can access the internet normally while external users securely access internal data through the SSL VPN.
Configuration roadmap
1. Gateway mode configuration: configure the address information of the device's WAN port; if the scenario requires dial-up, configure the WAN port for dial-up.
2. Internet access configuration: proxy internet access (NAT). Determine whether the internal network has multiple segments; if it does, add the corresponding return routes for those segments, pointing at the core switch behind the device as the next hop.
3.2 Single-arm mode
(1) Single-arm, single line
User requirements
The user's network is already deployed with a single public-network line. SSL VPN now needs to be deployed so that external users can access internal server resources, without changing the existing network topology.
Configuration roadmap
1. Single-arm mode configuration: assign an IP address to the LAN port and fill in the correct gateway and DNS.
2. On the front gateway, map TCP ports 443 and 80 to the device (if IPSec VPN is also used, TCP/UDP port 4009 must be mapped as well).