NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual

Installing the SSL312

2-3

v1.1, November 2006

authorized for that user. The user’s subsequent requests for network services are decrypted by the

SSL VPN Concentrator and relayed to the appropriate network servers on the corporate network.

Routing mode has the advantage of unloading SSL traffic from your firewall. However, your

network may not be as well protected since the firewall can not inspect this traffic.

In later steps, you will use the following settings when configuring for routing operation.

•

Assign Ethernet Port 1 a public IP address.

•

Assign Ethernet Port 2 an IP address on your local network.

•

Enable Routing Mode.

Initial Connection to the SSL VPN Concentrator

In its factory default state, the SSL VPN Concentrator Ethernet Port 1 IP address is

192.168.1.1

and the Ethernet Port 2 IP address is

10.0.0.1

. Unless these default IP

addresses are compatible with your network, you must configure and connect a computer directly

to Ethernet Port 1 for initial configuration including reassignment of the Ethernet Port IP

addresses. This procedure is described in the following steps:

1.

Prepare a PC with an Ethernet adapter. If this PC is already part of your network, record its

TCP/IP configuration settings so that you can restore them later.

Figure 2-1

Note:

The SSL VPN Concentrator does not perform Network Address Translation

(NAT). Also, the SSL VPN Concentrator only enforces access policies on SSL

VPN traffic, not on other TCP/IP protocols. Therefore, the SSL VPN

Concentrator should always be used in conjunction with a network firewall.

SSL312

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual

2-4

Installing the SSL312

v1.1, November 2006

2.

Configure your PC with a static IP address of

192.168.1.10

and

255.255.255.0

as the

subnet mask.

3.

Connect an Ethernet cable from your computer to Ethernet Port 1 on the front of the SSL VPN

Concentrator.

4.

Connect the power cord to the SSL312, turn on the concentrator and verify the following:

•

The PWR (power) light goes on immediately.

•

The TEST light goes off after about one minute, indicating that the system has initialized.

•

One of the Ethernet lights is lit: either the 10 Mbps or the 100 Mbps LED should light

showing that a connectivity link as been established

Accessing the Management Interface

Using the PC with the static IP address configured, you can log into the SSL VPN Concentrator

web management interface. The initial administrative setup of the concentrator must be performed

using a supported browser listed in

“Web Browser Requirements” on page 1-2

. The machine used

for management is referred to as the “Management Station”.

To log into the management interface:

1.

Connect to the SSL312 by opening your browser and entering

(for the

Ethernet Port 1 IP) in the address field. Be sure to type

https

, not

http

..

If you are connected to Ethernet Port 2 IP, the default address is

https://10.0.0.1.

Note:

You must have administrative access to the SSL VPN Concentrator to configure the

Management Interface settings

Figure 2-2

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual

Installing the SSL312

2-5

v1.1, November 2006

2.

A certificate security warning may appear. Click Yes or OK to continue. A login screen with

User Name and Password dialog boxes displays.

3.

When prompted, enter

admin

for the User Name and

password

for the Password, both in

lower case letters.

4.

From the Domain drop-down menu, select geardomain.

5.

Click Login to log in to the SSL VPN Concentrator Management Interface.

Once you have logged in, the following Status screen will display. The navigation links under

System Configuration, Access Administration, Monitoring, SSL VPN Portal and Web Support

headings on the left side of the browser window allow you to access and configure

administrative settings. When one of the navigation options is clicked, the corresponding

management configuration screen will display.

Figure 2-3

Note:

Both the user name and password are case-sensitive.

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual

2-6

Installing the SSL312

v1.1, November 2006

Configuring Basic Network Settings

Before deploying the SSL VPN Concentrator into your existing network, you should configure the

following basic settings:

•

Change the administrator password

•

Configure DNS server IP address

Figure 2-4

NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual

Installing the SSL312

2-7

v1.1, November 2006

•

Configure a default route

•

Configure Ethernet interface IP addresses

Follow these steps to prepare for installation:

1.

Change the administrator account password.

a.

On the left side of the browser window, select the Users and Groups link.

b.

In the Users table, click on admin.

c.

Type your new Password and re-type to Confirm Password.

d.

Click Apply.

2.

Configure the DNS server IP address.

a.

On the left side of the browser window, select the Network link.

b.

In the Network menu, click the DNS Settings radio button.

c.

Enter at least one DNS server IP address.

d.

Click Apply.

3.

Configure a default route for Internet access.

a.

On the left side of the browser window, select the Network link.

b.

In the Network menu, click the Static Routes radio button.

c.

Specify the Default Gateway Address.

If you plan a single arm topology, the Default Gateway is your corporate firewall. Specify

that IP address for the ethernet-1 interface.

If you plan a routing topology, the Default Gateway for the ethernet-1 interface is your

Internet Service Provider’s gateway. The Default Gateway for the ethernet-2 interface is

your corporate firewall.

d.

Click Apply.

4.

Change the Ethernet port IP Addresses.

a.

Select the Network link.

b.

In the Network menu, click the Interfaces radio button.

c.

Enter your chosen Ethernet Port 1 IP Address and Subnet Mask.