Unified Services Router
User Manual
139
Figure 93: List of SSL VPN policies (Global filter)
To add an SSL VPN policy, you must first assign it to a user or a group, or make it global
(i.e. applicable to all SSL VPN users). If the policy is for a group, the available
configured groups are shown in a drop-down menu and one must be selected.
Similarly, for a policy defined for a single user, an SSL VPN user must be chosen from the
list of configured users.
The next step is to define the policy details. The policy name is a unique identifier for
this rule. The policy can be assigned to a specific Network Resource (details follow in
the subsequent section), an IP address, an IP network, or all devices on the LAN of the
router. Based on which of these four options is selected, the corresponding
configuration fields are required (i.e. choosing the network resources from a list of
defined resources, or defining the IP addresses). When applying the policy to addresses,
the port range/port number can also be defined.
The final steps require the policy permission to be set to either permit or deny access
to the selected addresses or network resources. The policy can also be specified for
one or all of the supported SSL VPN services (i.e. VPN tunnel, port forwarding).
Once defined, the policy goes into effect immediately. The policy name, the SSL service
it applies to, the destination (network resource or IP addresses) and the permission
(deny/permit) are shown in the list of configured policies for the router.
Figure 94: SSL VPN policy configuration
To configure a policy for a single user or group of users, enter the following
information:
Policy for: The policy can be assigned to a group of users, a single user, or all
users (making it a global policy). To customize the policy for specific users or
groups, select from the Available Groups and Available Users drop-down lists.
Apply policy to: This refers to the LAN resources managed by the DSR; the
policy can provide (or prevent) access to a defined network resource, an IP
address, an IP network, or all LAN devices.
Policy name: This field is a unique name for identifying the policy.
IP address: Required when the governed resource is identified by its IP address
or range of addresses.
Mask Length: Required when the governed resource is identified by a range
of addresses within a subnet.
ICMP: Select this option to include ICMP traffic.
Port range: If the policy governs a type of traffic, this field is used for
defining the TCP or UDP port number(s) corresponding to the governed traffic.
Leaving the starting and ending port range blank corresponds to all UDP and
TCP traffic.
Service: This is the SSL VPN service made available by this policy. The
services offered are VPN tunnel, port forwarding, or both.
Defined resources: This policy can provide access to specific network
resources. Network resources must be configured in advance of creating the
policy to make them available for selection as a defined resource. Network
resources are created as described in the following section.
Permission: The assigned resources defined by this policy can be explicitly
permitted or denied.
7.2.1 Using Network Resources
Setup > VPN Settings > SSL VPN Server > Resources
Network resources are services or groups of LAN IP addresses that are used to
easily create and configure SSL VPN policies. This shortcut saves time when
creating similar policies for multiple remote SSL VPN users.
Adding a Network Resource involves creating a unique name to identify the
resource and assigning it to one or all of the supported SSL services. Once this is
done, editing one of the created network resources allows you to configure the
object type (either IP address or IP range) associated with the service. The Network
Address, Mask Length, and Port Range/Port Number can all be defined for this
resource as required. A network resource can be defined by configuring the
following in the GUI:
Resource name: A unique identifier name for the resource.
Service: The SSL VPN service corresponding to the resource (VPN tunnel,
Port Forwarding or All).
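The policy fields above (Policy for, Apply policy to, Port range, Service, Permission) and the named network resources of this section together form a small access-control model. The following is an added illustration, not D-Link's code: it evaluates a constructed policy set against a remote user's access request. The resource names, user/group names, addresses and the precedence between overlapping policies are all assumptions made for the example, since the manual does not state how overlapping policies are ordered.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

# Constructed network resources (section 7.2.1): name -> (service, network, port range).
# A port range of None stands for blank start/end ports, i.e. all TCP/UDP traffic.
RESOURCES = {
    "intranet-web": ("port_forwarding", "10.0.1.0/24", (80, 443)),
    "file-servers": ("vpn_tunnel", "10.0.2.0/24", None),
}
@dataclass
class Policy:
    name: str
    scope: str                 # "global", "group:<name>" or "user:<name>" (Policy for)
    service: str               # "vpn_tunnel", "port_forwarding" or "all" (Service)
    permission: str            # "permit" or "deny" (Permission)
    resource: Optional[str] = None      # Apply policy to a defined network resource ...
    network: Optional[str] = None       # ... or to an IP address / IP network (CIDR)
    ports: Optional[Tuple[int, int]] = None  # Port range; None means all ports

    def matches(self, dst_ip: str, dst_port: int, service: str) -> bool:
        if self.resource is not None:
            _, net, ports = RESOURCES[self.resource]
        else:
            net, ports = self.network, self.ports
        if self.service not in ("all", service):
            return False
        if ipaddress.ip_address(dst_ip) not in ipaddress.ip_network(net):
            return False
        return ports is None or ports[0] <= dst_port <= ports[1]

def evaluate(policies, user, groups, dst_ip, dst_port, service):
    """Return the permission of the governing policy, or None when no policy applies.
    Assumption (not stated in the manual): the most specific scope wins, so user
    policies are checked first, then group policies, then global ones."""
    applicable = {"global", f"user:{user}"} | {f"group:{g}" for g in groups}
    for kind in ("user", "group", "global"):
        for p in policies:
            if p.scope in applicable and p.scope.split(":")[0] == kind \
                    and p.matches(dst_ip, dst_port, service):
                return p.permission
    return None

# Constructed policy set: a global deny on the whole LAN, narrowed by specific permits.
POLICIES = [
    Policy("deny-lan", "global", "all", "deny", network="10.0.0.0/16"),
    Policy("staff-web", "group:staff", "port_forwarding", "permit", resource="intranet-web"),
    Policy("alice-files", "user:alice", "vpn_tunnel", "permit", resource="file-servers"),
]
```

Note that a request outside every policy's destination returns None rather than an implied permit or deny; what the router does in that case is not described on this page.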
Figure 95: List of configured resources, which are available to assign to
SSL VPN policies
7.3 Application Port Forwarding
Setup > VPN Settings > SSL VPN Server > Port Forwarding
Port forwarding allows remote SSL users to access specified network applications or
services after they log in to the User Portal and launch the Port Forwarding service.
Traffic from the remote user to the router is detected and re-routed based on the
configured port forwarding rules.
Internal host servers or TCP applications must be specified as being made accessible
to remote users. Allowing access to a LAN server requires entering the local server IP
address and TCP port number of the application to be tunnelled. The table below lists
some common applications and corresponding TCP port numbers:
TCP Application                    Port Number
FTP Data (usually not needed)      20
FTP Control Protocol               21
SSH                                22
Telnet                             23
SMTP (send mail)                   25
HTTP (web)                         80
POP3 (receive mail)                110
NTP (network time protocol)        123
Citrix                             1494
Terminal Services                  3389
VNC (virtual network computing)    5900 or 5800
As a convenience for remote users, the hostname (FQDN) of the network server can
be configured to allow for IP address resolution. This host name resolution provides
users with easy-to-remember FQDNs to access TCP applications instead of
error-prone IP addresses when using the Port Forwarding service through the SSL User
Portal.
To configure port forwarding, the following are required:
Local Server IP address: The IP address of the local server which is hosting
the application.
TCP port: The TCP port of the application.
Once the new application is defined, it is displayed in the list of configured applications
for port forwarding.
To allow users to access the private network servers by using a hostname instead of an IP
address, the FQDN corresponding to the IP address is defined in the port forwarding
host configuration section:
Local server IP address: The IP address of the local server hosting the
application. The application should be configured in advance.
Fully qualified domain name: The domain name of the internal server.
Once the new FQDN is configured, it is displayed in the list of configured hosts for port
forwarding.
Defining the hostname is optional, as the minimum requirement for port forwarding is
identifying the TCP application and the local server IP address. The local server IP
address of the configured hostname must match the IP address of the configured
application for port forwarding.
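The consistency rule just stated (a host entry's IP must match an application configured in advance, while the hostname itself is optional) is easy to get wrong when entries are added in the wrong order. The following added example, not D-Link's code, checks a constructed port-forwarding configuration against that rule and shows how a hostname resolves to the application endpoints a remote user can reach; the IP addresses, hostnames and the extra syntax checks on IPs, ports and FQDNs are assumptions for the example.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Tuple

# Hostname syntax: labels of letters, digits and hyphens, at least two labels.
FQDN_RE = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)(\.(?!-)[a-z0-9-]{1,63}(?<!-))+$")

@dataclass(frozen=True)
class Application:        # "Local Server IP address" and "TCP port" (section 7.3)
    server_ip: str
    tcp_port: int

@dataclass(frozen=True)
class Host:               # "Local server IP address" and "Fully qualified domain name"
    server_ip: str
    fqdn: str

def validate(applications: List[Application], hosts: List[Host]) -> List[str]:
    """Return the problems found in a port-forwarding configuration. Rules from the
    manual: a host's IP must match an application configured in advance, and the
    host (FQDN) entry is optional. IP, port and FQDN syntax checks are added here."""
    problems, app_ips = [], set()
    for app in applications:
        try:
            ipaddress.ip_address(app.server_ip)
        except ValueError:
            problems.append(f"application {app.server_ip}:{app.tcp_port}: invalid IP address")
            continue
        if not 1 <= app.tcp_port <= 65535:
            problems.append(f"application {app.server_ip}:{app.tcp_port}: invalid TCP port")
            continue
        app_ips.add(app.server_ip)
    for host in hosts:
        if not FQDN_RE.match(host.fqdn.rstrip(".").lower()):
            problems.append(f"host {host.fqdn}: not a valid fully qualified domain name")
        if host.server_ip not in app_ips:
            problems.append(f"host {host.fqdn}: no application configured for {host.server_ip}")
    return problems

def resolve(applications: List[Application], hosts: List[Host], fqdn: str) -> List[Tuple[str, int]]:
    """Map a hostname to the (server IP, TCP port) pairs reachable through the User Portal."""
    wanted = fqdn.rstrip(".").lower()
    ips = {h.server_ip for h in hosts if h.fqdn.rstrip(".").lower() == wanted}
    return sorted((a.server_ip, a.tcp_port) for a in applications if a.server_ip in ips)

# Constructed sample configuration: one host entry is consistent, one is orphaned.
APPS = [Application("10.0.1.10", 22), Application("10.0.1.10", 80), Application("10.0.1.20", 3389)]
HOSTS = [Host("10.0.1.10", "git.corp.example"), Host("10.0.1.30", "orphan.corp.example")]
```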