8.1 Installing ESP-Enabled SSL VPN on a Single Machine

In a single-machine installation, SSL VPN, the Identity Server, and the Administration Console are all installed on a single machine.

Figure 8-1 ESP-Enabled SSL VPNs installed on a Single Machine

The following sections explain the prerequisites and the procedures for single-machine installation:

8.1.1 Prerequisites

  • For the hardware and software requirements, see Section 4.1, Prerequisites.

  • Public IP address.

    You might need up to three IP addresses, depending on your firewall settings. The SSL VPN server has the following three listeners that communicate with the public network:

    • Tomcat Connector for authentication

    • Enterprise mode tunnel listener

    • Kiosk mode tunnel listener

    You need two public IP addresses, one for the Tomcat connector and one for the Kiosk mode tunnel, if your firewall setting allows only port 443 for secure communication and the Enterprise mode tunnel listens on UDP port 443. However, you need three public IP addresses if you require a TCP port for an Enterprise mode tunnel.

  • One private IP address. This is the IP address of the interface that is connected to the private LAN.

  • One public DNS name.

  • One X.509 certificate, if the locally generated certificate is not sufficient.
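The public IP address count above follows from socket collisions: two listeners can share an address only if they differ in protocol or port. The following planner is an added example, not part of the Novell documentation or the product. It assumes the Tomcat connector and the Kiosk mode tunnel use TCP, and the names build_listeners, plan_public_ips, and kiosk_port are hypothetical.

```python
from collections import namedtuple

# A listener is identified on the wire by its transport protocol and port.
Listener = namedtuple("Listener", "name proto port")


def build_listeners(enterprise_proto, kiosk_port=443):
    """Return the three public listeners named in the prerequisites.

    Assumptions (not stated on the page): the Tomcat connector and the
    Kiosk mode tunnel use TCP. kiosk_port is a hypothetical knob for
    firewalls that allow more than port 443.
    """
    if enterprise_proto not in ("tcp", "udp"):
        raise ValueError("enterprise_proto must be 'tcp' or 'udp'")
    if not 1 <= kiosk_port <= 65535:
        raise ValueError("kiosk_port out of range")
    return [
        Listener("Tomcat connector", "tcp", 443),
        Listener("Enterprise mode tunnel", enterprise_proto, 443),
        Listener("Kiosk mode tunnel", "tcp", kiosk_port),
    ]


def plan_public_ips(listeners):
    """Place each listener on the first address whose (proto, port) socket
    is still free; open a new address only on a collision."""
    addresses = []  # each entry: listeners sharing one public IP
    for listener in listeners:
        key = (listener.proto, listener.port)
        for bound in addresses:
            if all((o.proto, o.port) != key for o in bound):
                bound.append(listener)
                break
        else:
            addresses.append([listener])
    return addresses


if __name__ == "__main__":
    for proto in ("udp", "tcp"):
        plan = plan_public_ips(build_listeners(proto))
        print(f"Enterprise over {proto.upper()} 443: {len(plan)} public IPs")
        for n, bound in enumerate(plan, 1):
            names = ", ".join(f"{l.name} ({l.proto}/{l.port})" for l in bound)
            print(f"  address {n}: {names}")
```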

8.1.2 Deployment Procedure

To install the ESP-enabled Novell SSL VPN on a single machine:

  1. Install the Administration Console.

    For more information on installing the Administration Console, see Installing the Access Manager Administration Console in the Novell Access Manager 3.1 SP1 Installation Guide.

  2. Install the Identity Server and the SSL VPN server by using the install.sh script.

    For more information on installing the Identity Server, see Deployment Scenario 2: Installing SSL VPN and the Identity Server on the Same Machine.

  3. Configure the Identity Server.

    For more information on configuring the Identity Server, see Configuring an Identity Server in the Novell Access Manager 3.1 SP1 Identity Server Guide.

  4. Assign the Security certificate.

    For more information, see Enabling SSL Communication in the Novell Access Manager 3.1 SP1 Setup Guide.

  5. The SSL VPN server is auto-imported into the Administration Console after the installation.

    Establish a trust relationship between the Identity Server and the SSL VPN server.

    For more information, see Section 9.0, Configuring Authentication for ESP-Enabled Novell SSL VPN.

  6. In the Administration Console, select Devices > SSL VPNs. The health status at this stage should be green, indicating that the SSL VPN server is properly imported into the Administration Console and a trust relationship between the Identity Server and the SSL VPN server has been established.

  7. Configure the Client Integrity check policies and other relevant configurations for SSL VPN.

    For more information on configuring the SSL VPN, see Section III, Configuring SSL VPN.