4.3 Installing ESP-Enabled SSL VPN

When SSL VPN is deployed without the Access Gateway, an Embedded Service Provider (ESP) component is installed along with the SSL VPN server. This requires the Identity Server and the Administration server to also be installed. This deployment is called an ESP-enabled Novell SSL VPN.

4.3.1 Deployment Scenarios

For installing the ESP-Enabled version of SSL VPN, you have the following deployment scenarios:

Deployment Scenario 1: Installing SSL VPN on a Separate Machine

Figure 4-1 Deployment Scenario 1

This deployment scenario consists of a demilitarized zone, where the Identity Server and SSL VPN are deployed separately, without the Access Gateway. For installation instructions for this scenario, see Section 4.3.2, Installing the ESP-Enabled SSL VPN.

Deployment Scenario 2: Installing SSL VPN and the Identity Server on the Same Machine

Figure 4-2 Deployment Scenario 2

This deployment scenario consists of a demilitarized zone where the Identity Server and SSL VPN are on a single machine. The Access Gateway is deployed separately. For installation instructions for this scenario, see Section 4.3.2, Installing the ESP-Enabled SSL VPN.

Deployment Scenario 3: Installing SSL VPN and the Administration Console on the Same Machine

Figure 4-3 Deployment Scenario 3

This deployment scenario consists of a demilitarized zone where the SSL VPN, and Administration Console are on the same machine and the Linux Access Gateway and the Identity servers are deployed separately. For installation instructions for this scenario, see Section 4.3.2, Installing the ESP-Enabled SSL VPN.

Deployment Scenario 4: Installing SSL VPN, the Administration Console and the Identity server on the Same Machine

Figure 4-4 Deployment Scenario 4

This deployment scenario consists of a demilitarized zone where the Identity Server, SSL VPN, and Administration Console are on the same machine and the Linux Access Gateway is deployed separately. For installation instructions for this scenario, see Section 4.3.2, Installing the ESP-Enabled SSL VPN.

4.3.2 Installing the ESP-Enabled SSL VPN

The following installation steps are applicable to all the deployment scenarios for ESP-enabled SSL VPN. The individual scenarios are explained in Section 4.3.1, Deployment Scenarios.

  1. Do one of the following:

    • Insert the CD into the CD drive, then locate install.sh.

    • Untar the RPMs.

  2. At a command prompt, enter the following install script command:

    ./install.sh

    You are prompted to select an installation.

  3. Type 4 to install the ESP-Enabled SSL VPN, then press Enter.

  4. Optional When you are prompted to replace the low bandwidth SSL VPN RPM with the high bandwidth RPM, replace it if the security law permits you to do so.

    For more information on the high bandwidth SSL VPN, see High and Low Bandwidth Versions. For more information on installing the high bandwidth SSL VPN, see Section 4.5, Installing the RPM Containing Key For High Bandwidth SSL VPN.

  5. Review and accept the License Agreement.

  6. (Conditional) If the SSL VPN machine has been configured with multiple IP addresses, select an IP address for the SSL VPN server when you are prompted to do so.

  7. Specify the name of the administrator for the Administration Console.

  8. Specify the administration password.

  9. Confirm the password.

  10. (Conditional) If you are installing the SSL VPN server on the same machine as the Administration Console, you are not prompted for the IP address of the Administration Console. If the Administration Console is on a different machine, provide the IP address when you are prompted for it.

  11. Wait while the SSL VPN server is installed on your system and imported into the Administration Console, which takes about 2 minutes.

    The installation ends with the following message: Installation complete.

  12. To verify the installation of the SSL VPN, continue with Section 4.7, Verifying That Your SSL VPN Service Is Installed.