null  null
Setting up SSL Server for remote access to LAN
D-Link Australia & New Zealand Technical Support
Page 1 of 8
This configuration example is based on the following setup:
SSL Tunnel
Internet
SSL VPN Server on WAN
Secure SSL VPN
connection to LAN
modem
(bridged)
DFL-series
UTM Firewall
LAN
192.168.8.0/24
Step 1. Log into the firewall. The default access to LAN is via https://192.168.10.1. Default username is
“admin” and password is “admin”.
Step 2. Set your firewall’s WAN settings as per Internet provider requirements.
In our example WAN is set with a static IP address.
Step 3. Add a new object into the Address Book: “SSL IP Range”.
Specify the range of IP addresses which will be assigned to the clients connecting via SSL. These addresses should be
from the IP subnet used on your LAN. Make sure this range does not conflict with the range used by the DHCP Server
on your LAN.
D-Link Australia & New Zealand Technical Support
Page 2 of 8
Step 4. Go to System > Device > Local User Databases.
Add new Local User Database for the SSL users.
Open the newly created User Database and add your VPN users. Specify Username and Password for each
remote user.
D-Link Australia & New Zealand Technical Support
Page 3 of 8
Step 5. Go to Network> SSL. Add a new SSL VPN Interface.
Inner IP Address – set as “LAN_IP”.
Outer Interface – “WAN” (or if WAN is set with PPPoE select the PPPoE interface).
Server Port – set as “443” (i.e. access via HTTPS).
Specify the IP address pool and DNS assignment for SSL users.
D-Link Australia & New Zealand Technical Support
Page 4 of 8
Click on the Add Route tab and add “LAN” interface under Proxy ARP.
D-Link Australia & New Zealand Technical Support
Page 5 of 8
Step 6. Go to Policies > User Authentication > User Authentication Rules. Add a new rule.
Set Agent as “L2TP/PPTP/SSL”, Authentication as “Local”, Interface – “SSL-Server”.
Click on the Authentication Options tab. Make sure that under Local User DB you have your User Database
selected.
D-Link Australia & New Zealand Technical Support
Page 6 of 8
Step 7. Go to Policies > Main IP Rules. Create two IP Rules:
1. To allow SSL users to communicate with LAN (Allow rule).
2. To allow SSL users to access the Internet through the firewall (NAT rule).
D-Link Australia & New Zealand Technical Support
Page 7 of 8
Step 8. After the configuration is done, click “Configuration” in main bar and select “Save and Activate”.
Then click OK to confirm. Wait for 15 sec. You will be automatically redirected to the firewall’s LAN IP
address.
NOTE: If you do not re-login into the firewall within 30 sec, the configuration is reverted to its previous
state. The validation timeout can be adjusted under System > Remote Management > Advanced Settings.
To connect via SSL VPN a Remote User needs to open a Web Browser and type in the firewall’s WAN
address or URL (https://myfirewall.company.com).
Login using SSL username/password.
Download thin SSL client and connect via SSL.
D-Link Australia & New Zealand Technical Support
Page 8 of 8
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertisement