Creating a remote access SSL VPN
We want to configure and deploy a connection that lets remote users access a local network. The VPN establishes an encrypted tunnel over TCP port 443 to provide secure access to company resources.
Objectives
When you complete this unit, you’ll know how to do the following:
- Specify an address range for SSL VPN clients.
- Create a user group for SSL VPN clients and add a user.
- Define a local subnet and remote SSL VPN range.
- Add an SSL VPN remote access policy.
- Add a firewall rule.
- Download the SSL VPN client software from the client and connect to the internal network.
- Check connectivity.
Specify VPN settings
We specify an IP address range for SSL clients. This is a private address range. When SSL clients log on, they are assigned an address from the range.
Create a user group and add a user
We create a user group for the remote SSL VPN and add a user. The group specifies a surfing quota and access time. Users in the group are allowed unlimited access.
- Go to and click Add.
- Specify the settings.

| Option | Description |
| --- | --- |
| Name | Remote SSL VPN group |
| Surfing quota | Unlimited internet access |
| Access time | Allowed all the time |

- Click Save.
- Go to and click Add.
- Specify the settings.

| Option | Description |
| --- | --- |
| Username | john.smith |
| Name | John Smith |
| Group | Remote SSL VPN group |

- Click Save.
Define a local subnet and remote SSL VPN range
We create hosts for the local subnet and the remote SSL VPN range. The local subnet defines the network resources that remote clients will be able to access.
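Before entering the SSL VPN client range and the local subnet, it helps to sanity-check the address plan offline. The following is an added example, not part of the original page or the firewall's own tooling. It assumes "private" means RFC 1918, adds a no-overlap check between the client range and the local subnet (a precaution the page does not state), and uses constructed sample addresses.

```python
import ipaddress

# RFC 1918 blocks; reading "private address range" as RFC 1918 is an assumption.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def lease_networks(start, end):
    """Express an inclusive start-end client range as a list of CIDR blocks."""
    first, last = ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)
    if first > last:
        raise ValueError(f"range start {first} is after end {last}")
    return list(ipaddress.summarize_address_range(first, last))


def check_plan(start, end, local_subnet):
    """Return a list of problems with the planned SSL VPN range (empty = OK)."""
    problems = []
    # strict=True rejects a subnet written with host bits set, e.g. 192.168.10.1/24
    local = ipaddress.ip_network(local_subnet, strict=True)
    for block in lease_networks(start, end):
        if not any(block.subnet_of(p) for p in RFC1918):
            problems.append(f"{block} is not inside an RFC 1918 private block")
        if block.overlaps(local):
            # Overlap makes routing between VPN clients and local hosts ambiguous.
            problems.append(f"{block} overlaps local subnet {local}")
    return problems


def is_vpn_lease(addr, start, end):
    """True if the address a client received at logon lies in the client range."""
    ip = ipaddress.IPv4Address(addr)
    return ipaddress.IPv4Address(start) <= ip <= ipaddress.IPv4Address(end)


if __name__ == "__main__":
    # Constructed sample values, not taken from the page.
    print(check_plan("10.81.234.5", "10.81.234.55", "192.168.10.0/24"))
    print(check_plan("192.168.10.200", "192.168.10.250", "192.168.10.0/24"))
    print(is_vpn_lease("10.81.234.17", "10.81.234.5", "10.81.234.55"))
```

`is_vpn_lease` can be reused during the connectivity check to confirm that the address shown on the connected client came from the configured range.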
Add an SSL VPN remote access policy
We create a policy that allows clients in the “Remote SSL VPN group” to connect. These users are allowed to access resources on the local subnet.
Check authentication services
We use local authentication for firewall authentication methods and SSL VPN authentication methods.
Check device access settings
To be able to deploy the connection and to ensure that users have access to the connection, device access for SSL VPN and the user portal must be enabled.
Add a firewall rule
Deploy the connection
Install an authentication client and connect to the internal network using the VPN connection.
The following steps take place on the client computer.
Check connectivity
We check the connectivity from the client and on the firewall.