Chapter 7. SSL VPN
The router provides an intrinsic SSL VPN feature as an alternative to the standard IPsec
VPN. SSL VPN differs from IPsec VPN mainly by removing the requirement of a
pre-installed VPN client on the remote host. Instead, users can securely log in through the
SSL User Portal using a standard web browser and receive access to configured
network resources within the corporate LAN. The router supports multiple concurrent
sessions to allow remote users to access the LAN over an encrypted link through a
customizable user portal interface, and each SSL VPN user can be assigned unique
privileges and network resource access levels.
The remote user can be provided different options for SSL service through this router:
VPN Tunnel: The remote user's SSL-enabled browser is used in place of a VPN
client on the remote host to establish a secure VPN tunnel. An SSL VPN client
(ActiveX or Java based) is installed on the remote host to allow the client to join
the corporate LAN with pre-configured access/policy privileges. At this point a
virtual network interface is created on the user's host, and it is assigned an
IP address and DNS server address by the router. Once established, the host
machine can access the allocated network resources.
Port Forwarding: A web-based (ActiveX or Java) client is likewise installed on the client
machine. Note that the Port Forwarding service only supports TCP connections
between the remote user and the router. Instead of granting access to the full LAN as the
VPN tunnel does, the router administrator defines the specific services or applications
that are available to remote port forwarding users.
ActiveX clients are used when the remote user accesses the portal using the Internet
Explorer browser. The Java client is used for other browsers such as Mozilla Firefox,
Netscape Navigator, Google Chrome, and Apple Safari.
Unified Services Router
User Manual
Figure 84: Example of clientless SSL VPN connections to the DSR
7.1 Groups and Users
Advanced > Users > Groups
The group page allows creating, editing and deleting groups. Each group is
associated with a set of user types. The available groups are displayed in the "List
of Groups" page with the group name and a description of the group.
Click Add to create a group.
Click Edit to update an existing group.
Click Delete to remove an existing group.
Figure 85: List of groups
The Group configuration page allows creating a group for a particular type of user. The
user types are as follows:
PPTP User: These are PPTP VPN tunnel LAN users that can establish a tunnel
with the PPTP server on the WAN.
L2TP User: These are L2TP VPN tunnel LAN users that can establish a tunnel
with the L2TP server on the WAN.
Xauth User: This user's authentication is performed by an externally
configured RADIUS or other enterprise server. It is not part of the local user
database.
SSLVPN User: This user has access to the SSL VPN services as determined
by the group policies and authentication domain of which it is a member. The
domain-determined SSL VPN portal will be displayed when logging in with
this user type.
Admin: This is the router's super-user, and can manage the router, use SSL
VPN to access network resources, and log in to L2TP/PPTP servers on the
WAN. There will always be one default administrator user for the GUI.
Guest User (read-only): The guest user gains read only access to the GUI to
observe and review configuration settings. The guest does not have SSL VPN
access.
Captive Portal User: Captive portal users have access through the router.
The access is determined by the captive portal policies.
Idle Timeout: This is the login timeout period for users of this group.
Figure 86: User group configuration
When SSLVPN users are selected, the SSLVPN settings are displayed with the
following parameters, as shown in SSLVPN Settings. The SSL VPN details that must
be configured depend on the Authentication Type.
Authentication Type: The authentication type can be one of the following:
Local User Database (default), Radius-PAP, Radius-CHAP, Radius-MSCHAP,
Radius-MSCHAPv2, NT Domain, Active Directory and LDAP.
Authentication Secret: If the domain uses RADIUS authentication then the
authentication secret is required (and this has to match the secret configured
on the RADIUS server).
Workgroup: This is required for NT domain authentication. If there are
multiple workgroups, the user can enter the details for up to two workgroups.
LDAP Base DN: This is the base domain name for the LDAP authentication
server. If there are multiple LDAP authentication servers, the user can enter the
details for up to two LDAP Base DNs.
Active Directory Domain: If the domain uses Active Directory
authentication, the Active Directory domain name is required. Users
configured in the Active Directory database are given access to the SSL VPN
portal with their Active Directory username and password. If there are
multiple Active Directory domains, the user can enter the details for up to two
authentication domains.
Timeout: The timeout period for reaching the authentication server.
Retries: The number of retries to authenticate with the authentication server
after which the DSR stops trying to reach the server.
Figure 87: SSLVPN Settings
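The SSLVPN Settings fields above are not independent: the Authentication Type decides which of the other fields are mandatory, and the manual caps the workgroup, LDAP Base DN and Active Directory domain lists at two entries each. The following added example (not D-Link's code, written here to illustrate the section) models those dependencies as a validation routine, so that a group whose authentication backend is incompletely configured is caught before it is saved. It also simulates the Timeout/Retries behaviour against a stand-in authentication server. The dataclass field names, error strings, the default Timeout/Retries values and the reading of "Retries" as attempts beyond the first are this example's own assumptions.

```python
"""Validation model for the SSL VPN group settings described in section 7.1.

Added example, not the router's firmware: field names, error messages and the
default timeout/retry values are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import Callable, List, Optional, Tuple

RADIUS_TYPES = {"Radius-PAP", "Radius-CHAP", "Radius-MSCHAP", "Radius-MSCHAPv2"}
AUTH_TYPES = {"Local User Database", "NT Domain", "Active Directory", "LDAP"} | RADIUS_TYPES
MAX_SERVERS = 2  # the manual allows up to two workgroups / Base DNs / AD domains


@dataclass
class SSLVPNSettings:
    auth_type: str = "Local User Database"   # default authentication type per the manual
    auth_secret: Optional[str] = None        # RADIUS shared secret (must match the server)
    workgroups: List[str] = field(default_factory=list)     # NT Domain
    ldap_base_dns: List[str] = field(default_factory=list)  # LDAP
    ad_domains: List[str] = field(default_factory=list)     # Active Directory
    timeout: int = 10   # seconds to wait for the authentication server (assumed default)
    retries: int = 3    # extra attempts after the first (assumed default)


def _require_list(values: List[str], label: str, errors: List[str]) -> None:
    """A backend that takes a list of servers needs at least one and at most two."""
    if not values:
        errors.append(f"{label} is required for this authentication type")
    elif len(values) > MAX_SERVERS:
        errors.append(f"at most {MAX_SERVERS} {label} entries are supported")


def validate(s: SSLVPNSettings) -> List[str]:
    """Return the configuration errors for a group; an empty list means it is usable."""
    errors: List[str] = []
    if s.auth_type not in AUTH_TYPES:
        return [f"unknown authentication type {s.auth_type!r}"]
    # RADIUS backends cannot authenticate without the shared secret.
    if s.auth_type in RADIUS_TYPES and not s.auth_secret:
        errors.append("RADIUS authentication requires an Authentication Secret")
    if s.auth_type == "NT Domain":
        _require_list(s.workgroups, "Workgroup", errors)
    if s.auth_type == "LDAP":
        _require_list(s.ldap_base_dns, "LDAP Base DN", errors)
    if s.auth_type == "Active Directory":
        _require_list(s.ad_domains, "Active Directory Domain", errors)
    # Timeout and Retries only matter for external backends, but must be sane regardless.
    if s.timeout <= 0 or s.retries < 0:
        errors.append("Timeout must be positive and Retries must not be negative")
    return errors


def contact_auth_server(probe: Callable[[int], bool], timeout: int, retries: int) -> Tuple[bool, int]:
    """Simulate reaching the authentication server.

    `probe(timeout)` stands in for one request to the server and returns True when
    the server answered within `timeout` seconds. The first attempt plus `retries`
    further attempts are made; after that the router gives up, as the manual
    describes. Returns (reached, attempts_made).
    """
    attempts = 0
    for _ in range(retries + 1):
        attempts += 1
        if probe(timeout):
            return True, attempts
    return False, attempts


if __name__ == "__main__":
    # Constructed sample: a RADIUS group saved without its secret.
    bad = SSLVPNSettings(auth_type="Radius-MSCHAPv2")
    print(validate(bad))
    good = SSLVPNSettings(auth_type="LDAP", ldap_base_dns=["dc=example,dc=com"])
    print(validate(good))
    # Constructed sample: server answers on the third attempt.
    answers = iter([False, False, True])
    print(contact_auth_server(lambda t: next(answers), good.timeout, good.retries))
```

Running the module prints one error for the RADIUS group, an empty list for the LDAP group, and `(True, 3)` for the simulated server. A practitioner can drop the same `validate` logic in front of any tool that pushes group configuration to the router, so that a missing RADIUS secret or an over-long server list is rejected at change time rather than discovered when users cannot log in.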
Login Policies
To set login policies for the group, select the corresponding group and click
"Login policies". The following parameters are configured:
Group Name: This is the name of the group whose login policy is being
edited.