This section explains how to create a basic configuration for the SSL VPN server.
If you have installed the ESP-enabled SSL VPN, continue with Section 2.4.1, Configuring Authentication for ESP-Enabled SSL VPN.
If you have installed the traditional SSL VPN, continue with Section 2.4.2, Accelerating the Traditional SSL VPN Server.
This section explains how to establish a trust relationship between the Identity Server and the Embedded Service Provider of the SSL VPN server.
Table 2-3 ESP-Enabled SSL VPN Configuration Information
What You Need To Know |
Example |
Your Value |
|
---|---|---|---|
Name of the Identity Server cluster |
idpa |
_______________________ |
|
DNS name of the SSL VPN machine |
sslvpn.test.novell.com |
_______________________ |
|
A certificate where the subject name matches the DNS name of the SSL VPN machine |
For information on how to create such a certificate, see |
||
For more information, see |
In the Administration Console, click
> > .Select
from the section.Fill in the following fields:
Identity Server Cluster: idpa
In Table 2-3, this is the sample name of the Identity Server cluster.
Authentication Contract: Select
.Embedded Service Provider Base URL: https:sslvpn.test:8443/sslvpn
In Table 2-3, this is the DNS name for the SSL VPN server. It assumes you want to use HTTPS. If you want to use HTTP, select http and make sure the port is 8080.
Redirect Requests from Non-Secure Port to Secure Port: Select this option if you are using HTTPS.
SSL VPN Certificate: Click the icon and select the certificate that has a subject name that matches the DNS name of the SSL VPN server.
Embedded Service Provider Certificate: Click the icon and select the certificate that has a subject name that matches the DNS name of the SSL VPN server.
Restart the Tomcat server when prompted.
Click
then click on the Configuration page.Click
on the Identity Server Configuration page.This section explains how to accelerate the traditional SSL VPN server in a path-based multi-homing configuration.
In the Administration Console, click
> , then click > .In the
, click , then provide the following values:Proxy Service Name: Specify
.Multi-Homing Type: Select
.Path: Specify /sslvpn.
Web Server IP Address: Specify the IP address of SSL VPN server.
Host Header: If your SSL VPN server has a DNS name, select
. Otherwise, select .Web Server Host Name: Specify the DNS name of the SSL VPN server if you selected
for the option.Click
.In the
, click > .Change the 80 to 8080, then click .
fromIn the
, select the .In the
, select the path, then click .Fill in the following fields:
Policy Container: Select Master_Container.
Policy: Select
. In the Policy List window, click , then click .Name: Select
.Click
twice, then update the Access Gateway and the SSL VPN server.