NOTE:Before you proceed with this configuration, refer to Upgrading from Access Manager 3.0 SP4 to Access Manager 3.1 SP1
in the Novell Access Manager 3.1 SP1 Installation Guide to understand the prerequisites.
You cannot directly upgrade the traditional Novell SSL VPN from version 3.0 to version 3.1 of the ESP-enabled SSL VPN, but you cane export the traffic policies from the traditional 3.0 SSL VPN into the ESP-enabled 3.1 SSL VPN, which is installed on a separate machine.
The following table explains the various upgrade scenarios available when you want to upgrade from traditional SSL VPN to ESP-Enabled SSL VPN.
Table 5-2 Upgrade Scenarios
Serial Number |
Installation Scenarios |
Upgrade Procedure |
---|---|---|
1 |
Traditional SSL VPN, Identity Server, Linux Access Gateway, and Administration Console on separate machines |
For more information on migrating, see Section 5.4.2, Migrating Traffic Policies from Traditional SSL VPN to ESP- Enabled SSL VPN. |
2 |
Traditional SSL VPN, Identity User-friendly Administration Console on the same machine; Linux Access Gateway on a separate machine |
When SSL VPN is installed with any of the Novell Access Manager components, the Traditional SSL VPN server is automatically upgraded to 3.1. To migrate to the ESP-enabled version, do one of the following:
Proceed with Section 5.4.2, Migrating Traffic Policies from Traditional SSL VPN to ESP- Enabled SSL VPN. |
3 |
Traditional SSL VPN and Identity Server on the same machine, Administration Console and Linux Access Gateway on separate machines |
|
4 |
Traditional SSL VPN, Administration Console on the same machine; Identity Server Linux Access Gateway on a separate machine |
|
5 |
Traditional SSL VPN and Linux Access Gateway on same machine; Administration Console and Identity Server on separate machines |
You cannot migrate to the ESP-enabled version. |
If you have not already upgraded the Administration Console from SP4 to 3.1, upgrade it. For more information, see Upgrading the Administration Console
in the Novell Access Manager 3.1 SP1 Installation Guide.
To migrate the traffic policies from the traditional SSL VPN version to the ESP-enabled SSL VPN version:
In the Administration Console, click
>Select
from the section. The SSL VPN Traffic Policies page is displayed.Select the Traditional SSL VPN 3.0 SP4 from which you want to import the traffic policies, then click
.Specify a filename for the XML document.
Specify a location to save the XML file.
Install the ESP-enabled 3.1 SSL VPN. For more information, see Section 4.3, Installing ESP-Enabled SSL VPN.
Log in to the Administration Console into which you have imported the ESP-enabled SSL VPN, then click
> .Select
from the section, then click in the traffic policies page.Browse and select the XML file that contains the saved traffic policies.
NOTE:When the traffic policies are imported into the SSL VPN server, they might not retain their original order. To order the traffic rules, see Section 14.3.2, Rule Ordering.
Select Section 9.0, Configuring Authentication for ESP-Enabled Novell SSL VPN.
and establish a trust relationship with the Identity Server. For more information, seeTo save your modifications, click
, then click on the Configuration page.The health status of the SSL VPN server must display green.
Delete the traditional SSL VPN from the Administration Console, then uninstall it. For more information on uninstalling the SSL VPN server, see Section 7.0, Uninstalling the SSL VPN Server.