4.4 Installing the Traditional Novell SSL VPN

When SSL VPN is deployed with the Access Gateway, it is called a Traditional Novell SSL VPN. In this type of installation, SSL VPN is deployed with the Identity Server, Administration Console, and the Linux Access Gateway components of Novell Access Manager.

You can install the Traditional Novell SSL VPN either with the Linux Access Gateway on the same machine or with the Identity Server, or you can install the Linux Access Gateway, Identity Server, and SSL VPN on three different machines.

The following sections describe the different deployment scenarios that are available for the traditional Novell SSL VPN and also documents the installation steps:

4.4.1 Deployment Scenarios

The Novell SSL VPN can interoperate with the Access Gateway in different ways. Some of the deployment scenarios are:

Deployment Scenario 1: Linux Access Gateway and SSL VPN on the Same Server

Figure 4-5 Deployment Scenario 1

This deployment scenario consists of a demilitarized zone where the Linux Access Gateway and SSL VPN are on the same server and the Identity Server is deployed separately. For installation instructions for this scenario, see Installing SSL VPN with the Linux Access Gateway.

Deployment Scenario 2: SSL VPN Server Installed on a Separate Machine

Figure 4-6 Deployment Scenario 2

This deployment scenario consists of a demilitarized zone where the Access Gateway, Identity Server, and SSL VPN are deployed separately. For installation instructions for this scenario, see Section 4.4.2, Installing the Traditional Novell SSL VPN.

Deployment Scenario 3: Novell Identity Server and SSL VPN on the Same Server

This deployment scenario consists of a demilitarized zone where the Identity Server and SSL VPN are on one machine and the Access Gateway is deployed separately. For installation instructions for this scenario, see Installing SSL VPN on a Separate Machine, on the Same Machine With the Identity Server, or with the Administration Console.

Deployment Scenario 4: Novell Administration Console and SSL VPN on the Same Server

Figure 4-7 Deployment Scenario 4

This deployment scenario consists of a demilitarized zone where the Administration Console and SSL VPN are on one machine and the Access Gateway and Identity Server are deployed separately on different machines. For installation instructions for this scenario, see Installing SSL VPN on a Separate Machine, on the Same Machine With the Identity Server, or with the Administration Console.

Deployment Scenario 5: Administration Console, Identity Server, and SSL VPN on the Same Server

Figure 4-8 Deployment Scenario 5

This deployment scenario consists of a demilitarized zone where the Identity Server, Administration Console, and SSL VPN are on one machine and the Access Gateway is deployed separately. For installation instructions for this scenario, see Installing SSL VPN on a Separate Machine, on the Same Machine With the Identity Server, or with the Administration Console.

4.4.2 Installing the Traditional Novell SSL VPN

This section describes the installation procedures for different SSL VPN deployments:

Installing SSL VPN with the Linux Access Gateway

Standard Installation

The standard installation process installs SSL VPN along with the Linux Access Gateway. This is the preferred method of installation.

For more information on a standard installation of the Linux Access Gateway, refer to Using a Standard Linux Installation with the Default Settings in the Novell Access Manager 3.1 SP1 Installation Guide.

  1. Start the standard installation of the Linux Access Gateway. For details, refer to Using a Standard Linux Installation with the Default Settings in the Novell Access Manager 3.1 SP1 Installation Guide.

  2. In the Access Administrator Configuration section in the Novell Linux Access Gateway Configuration page, select the Enable On Box SSL VPN Server check box to install and configure SSL VPN on the Linux Access Gateway.

  3. Follow the on-screen instructions to continue with the Linux Access Gateway installation.

Advanced Installation

For an advanced installation of Linux Access Gateway, use the following steps to install SSL VPN:

  1. Start the advanced installation of the Linux Access Gateway. For details, refer to Installing the Linux Access Gateway Appliance in the Novell Access Manager 3.1 SP1 Installation Guide.

  2. On the Access Administrator Configuration page, select Enable On Box SSL VPN Server. This installs SSL VPN along with the Linux Access Gateway.

  3. Click Accept.

    The Installation Settings page is displayed. If the installation is successful, SSL VPN is displayed in the Software section.

  4. Follow the on-screen instructions to continue with the Linux Access Gateway installation.

Installing SSL VPN on a Separate Machine, on the Same Machine With the Identity Server, or with the Administration Console

You can use an install script to install the traditional Novell SSL VPN on a separate machine with the Identity Server on the same machine, or on the same machine with the Administration Console or with the Identity Server and the Administration Console.

  1. Do one of the following:

    • Insert the CD into the CD drive, then locate install.sh.

    • Untar the RPMs.

  2. At a command prompt, enter the following install script command:

    ./install.sh

    You are prompted to select an installation.

  3. Type 3 to install the ESP-Enabled SSL VPN, then press Enter.

  4. (Optional) When you are prompted to replace the low bandwidth SSL VPN RPM with the high bandwidth RPM, replace it if the security law permits you to do so.

    For more information on the high bandwidth SSL VPN, see High and Low Bandwidth Versions. For more information on installing the high bandwidth SSL VPN, see Section 4.5, Installing the RPM Containing Key For High Bandwidth SSL VPN.

  5. Review and accept the License Agreement.

  6. (Conditional) If the SSL VPN machine has been configured with multiple IP addresses, select an IP address for the SSL VPN server when you are prompted to do so.

  7. Specify the name of the administrator for the Administration Console.

  8. Specify the administration password.

  9. Confirm the password.

  10. Specify the IP address of the Administration Console.

  11. Wait while the SSL VPN server is installed on your system and imported into the Administration Console, which takes about 2 minutes.

    The installation ends with the following message: Installation complete.

  12. To verify the installation of the SSL VPN, continue with Section 4.7, Verifying That Your SSL VPN Service Is Installed.

Re-Installing SSL VPN on the Linux Access Gateway

If you have deleted the SSL VPN server that was installed along with the Linux Access Gateway, follow the steps given below to re-install it:

  1. Download and copy the Novell Access Manager tar.gz files to the Linux Access Gateway machine.

    For the actual filenames, see the Novell Access Manager Readme.

  2. Unpack the tar.gz file by using the following command:

    tar -xzvf <filename>

  3. At the command prompt, enter the following install script command:

    ./install.sh

  4. You are prompted to select an installation.

  5. When prompted to install the Novell SSL VPN Agent, press Enter.

  6. Review and accept the License Agreement.

  7. (Conditional) If the SSL VPN machine has been configured with multiple IP addresses, select an IP address for the SSL VPN server when you are prompted to do so.

  8. Specify the IP address of the Administration Console when prompted.

  9. Specify the name of the administrator for the Administration Console.

  10. Specify the administration password.

  11. Confirm the password.

  12. Wait while the SSL VPN server is installed on your system and imported into the Administration Console, which takes about 2 minutes.

    The installation ends with the following message: Installation complete.

  13. To verify the installation of the Access Gateway, continue with Section 4.7, Verifying That Your SSL VPN Service Is Installed.