SSL312 User Manual
Page 7
...VPN Client Configuration 6-2 Adding IP Address Ranges 6-3 Adding Routes for VPN Tunnel Clients 6-4 Configuring Applications for Port Forwarding 6-6 Configuring Host Name Resolution 6-8 Chapter 7 Additional System Configuration Configuring Network Settings 7-1 Sample SSL VPN Concentrator Configuration 7-1 Network Interface and Default Gateway Configuration 7-2 Static Route Configuration 7-4 Network Host Table Settings 7-6 Configuring DNS Settings 7-7 Setting Date and Time ...7-9 System Configuration Utilities 7-10 Encrypting the Configuration File 7-11 Exporting and Saving a Backup...
...VPN Client Configuration 6-2 Adding IP Address Ranges 6-3 Adding Routes for VPN Tunnel Clients 6-4 Configuring Applications for Port Forwarding 6-6 Configuring Host Name Resolution 6-8 Chapter 7 Additional System Configuration Configuring Network Settings 7-1 Sample SSL VPN Concentrator Configuration 7-1 Network Interface and Default Gateway Configuration 7-2 Static Route Configuration 7-4 Network Host Table Settings 7-6 Configuring DNS Settings 7-7 Setting Date and Time ...7-9 System Configuration Utilities 7-10 Encrypting the Configuration File 7-11 Exporting and Saving a Backup...
SSL312 User Manual
Page 9
... This Manual The NETGEAR® Prosafe™ SSL VPN Concentrator 25 SSL312 Reference Manual describes how to highlight information of note could result in the following paragraphs: • Typographical Conventions. You should have intermediate computer and Internet skills. This manual uses the following typographical conventions: Italics Bold Fixed italic Emphasis, books, CDs, file and server names, extensions User input, IP addresses, GUI screen text Command prompt, CLI text, code URL links...
... This Manual The NETGEAR® Prosafe™ SSL VPN Concentrator 25 SSL312 Reference Manual describes how to highlight information of note could result in the following paragraphs: • Typographical Conventions. You should have intermediate computer and Internet skills. This manual uses the following typographical conventions: Italics Bold Fixed italic Emphasis, books, CDs, file and server names, extensions User input, IP addresses, GUI screen text Command prompt, CLI text, code URL links...
SSL312 User Manual
Page 10
NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Danger: This is written for the SSL VPN Concentrator according to these specifications: Product Version Manual Publication Date ProSafe SSL VPN Concentrator 25 SSL312 November 2008 For more information about network, Internet, firewall, and VPN technologies, see the links to the NETGEAR website in Appendix B, "Related Documents". Using This Manual The HTML version of this manual includes the following several options, according to PDF versions of contents and an button. website at a time •A button ...
NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Danger: This is written for the SSL VPN Concentrator according to these specifications: Product Version Manual Publication Date ProSafe SSL VPN Concentrator 25 SSL312 November 2008 For more information about network, Internet, firewall, and VPN technologies, see the links to the NETGEAR website in Appendix B, "Related Documents". Using This Manual The HTML version of this manual includes the following several options, according to PDF versions of contents and an button. website at a time •A button ...
SSL312 User Manual
Page 12
NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Revision History Version Date -01, v1.1 November 2006 -02, v1.0 December 2006 -02,v1.1 April 2007 -04,v2.0 May 2007 -05, v2.1 November 2008 Description of Changes • Restructured the contents so that common setup and configuration tasks are easier to find • Added new topics • Added a link to a Microsoft Word template for creating...
NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Revision History Version Date -01, v1.1 November 2006 -02, v1.0 December 2006 -02,v1.1 April 2007 -04,v2.0 May 2007 -05, v2.1 November 2008 Description of Changes • Restructured the contents so that common setup and configuration tasks are easier to find • Added new topics • Added a link to a Microsoft Word template for creating...
SSL312 User Manual
Page 13
... a pre-installed VPN client on their laptops. About the ProSafe SSL VPN Concentrator 25 The ProSafe SSL VPN Concentrator 25 is completed, the server and client can easily access the remote network for installation ("Web Browser Requirements" on page 1-3). Chapter 1 Introduction This chapter describes some of the key features of popular browsers, such as a standard web browser. With support for 25 concurrent sessions, users can establish an encrypted connection. Once the authentication and negotiation of the SSL312 ("Hardware Description...
... a pre-installed VPN client on their laptops. About the ProSafe SSL VPN Concentrator 25 The ProSafe SSL VPN Concentrator 25 is completed, the server and client can easily access the remote network for installation ("Web Browser Requirements" on page 1-3). Chapter 1 Introduction This chapter describes some of the key features of popular browsers, such as a standard web browser. With support for 25 concurrent sessions, users can establish an encrypted connection. Once the authentication and negotiation of the SSL312 ("Hardware Description...
SSL312 User Manual
Page 14
... higher To configure the NETGEAR ProSafe SSL VPN Concentrator 25, an administrator must use Microsoft Internet Explorer 5.1 or higher, Apple Safari 1.2 or higher or Mozilla Firefox 1.x (for the SSL VPN portal, not the web management interface. • Microsoft Windows: - Note that Java is required for Port Forwarding, Applications, and Terminal Services) Safari 1.2 or higher - Java: Sun JRE 1.1 or higher • Unix, Linux, or BSD: - NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual • Provides client-less access with...
... higher To configure the NETGEAR ProSafe SSL VPN Concentrator 25, an administrator must use Microsoft Internet Explorer 5.1 or higher, Apple Safari 1.2 or higher or Mozilla Firefox 1.x (for the SSL VPN portal, not the web management interface. • Microsoft Windows: - Note that Java is required for Port Forwarding, Applications, and Terminal Services) Safari 1.2 or higher - Java: Sun JRE 1.1 or higher • Unix, Linux, or BSD: - NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual • Provides client-less access with...
SSL312 User Manual
Page 15
...; Straight through Category 5 Ethernet cable. • A serial cable (included for Engineering and debugging purposes only) • Resource CD • ProSafe™ SSL VPN Concentrator 25 SSL312 Installation Guide • Warranty and Support Registration Card Hardware Description This section describes the front and rear hardware functions of applications. The default browser in the Box The product package should contain the following items: • ProSafe SSL VPN Concentrator 25 SSL312 • A power cord specific to take advantage of...
...; Straight through Category 5 Ethernet cable. • A serial cable (included for Engineering and debugging purposes only) • Resource CD • ProSafe™ SSL VPN Concentrator 25 SSL312 Installation Guide • Warranty and Support Registration Card Hardware Description This section describes the front and rear hardware functions of applications. The default browser in the Box The product package should contain the following items: • ProSafe SSL VPN Concentrator 25 SSL312 • A power cord specific to take advantage of...
SSL312 User Manual
Page 17
... the ProSafe SSL VPN Concentrator 25 in your network: • Installing the SSL312: choosing a network topology, configuring its IP addressing scheme, connecting the SSL312, and provisioning the SSL certificate. Figure 1-2 Note: Never substitute a power cord. Refer to Chapter 3, "Authenticating Users" and Chapter 4, "Setting Up User and Group Access Policies". • Configuring remote access to corporate network resources through the SSL312: designing the presentation Web portal that will display the available corporate resources to Chapter 5, "Configuring the Remote Access Web Portal...
... the ProSafe SSL VPN Concentrator 25 in your network: • Installing the SSL312: choosing a network topology, configuring its IP addressing scheme, connecting the SSL312, and provisioning the SSL certificate. Figure 1-2 Note: Never substitute a power cord. Refer to Chapter 3, "Authenticating Users" and Chapter 4, "Setting Up User and Group Access Policies". • Configuring remote access to corporate network resources through the SSL312: designing the presentation Web portal that will display the available corporate resources to Chapter 5, "Configuring the Remote Access Web Portal...
SSL312 User Manual
Page 20
... servers. . Routing In the routing, or two port, topology, the SSL VPN Concentrator is connected to the untrusted side of Ethernet Port 1. In later steps, you will use the following settings when configuring for most networks. Note: NETGEAR recommends single arm operation for single arm operation. • Assign Ethernet Port 1 an IP address on your local network. • Disable Ethernet Port 2. • Disable Routing Mode. • Define a default route to the firewall. • If your corporate network. 2-2 Installing the SSL312 v2.1, November 2008 Ethernet Port 1 is connected...
... servers. . Routing In the routing, or two port, topology, the SSL VPN Concentrator is connected to the untrusted side of Ethernet Port 1. In later steps, you will use the following settings when configuring for most networks. Note: NETGEAR recommends single arm operation for single arm operation. • Assign Ethernet Port 1 an IP address on your local network. • Disable Ethernet Port 2. • Disable Routing Mode. • Define a default route to the firewall. • If your corporate network. 2-2 Installing the SSL312 v2.1, November 2008 Ethernet Port 1 is connected...
SSL312 User Manual
Page 21
...not inspect this traffic. This procedure is 10.0.0.1. NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual As shown in the following figure, encrypted SSL traffic from your firewall. Initial Connection to the SSL VPN Concentrator In its factory default state, the SSL VPN Concentrator Ethernet Port 1 IP address is 192.168.1.1 and the Ethernet Port 2 IP address is described in the following steps: Installing the SSL312 2-3 v2.1, November 2008 The user's subsequent requests for that user. Note: The SSL VPN Concentrator does not perform Network Address Translation (NAT).
...not inspect this traffic. This procedure is 10.0.0.1. NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual As shown in the following figure, encrypted SSL traffic from your firewall. Initial Connection to the SSL VPN Concentrator In its factory default state, the SSL VPN Concentrator Ethernet Port 1 IP address is 192.168.1.1 and the Ethernet Port 2 IP address is described in the following steps: Installing the SSL312 2-3 v2.1, November 2008 The user's subsequent requests for that user. Note: The SSL VPN Concentrator does not perform Network Address Translation (NAT).
SSL312 User Manual
Page 22
... mask. 3. To log into the SSL VPN Concentrator web management interface. NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 1. The machine used for the Ethernet Port 1 IP) in "Web Browser Requirements" on immediately. • The TEST light goes off after about one minute, indicating that you are connected to the SSL312, turn on the concentrator and verify the following: • The PWR (power) light goes on page 1-2. Prepare a PC with the static IP address configured, you can restore them later. 2. If...
... mask. 3. To log into the SSL VPN Concentrator web management interface. NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 1. The machine used for the Ethernet Port 1 IP) in "Web Browser Requirements" on immediately. • The TEST light goes off after about one minute, indicating that you are connected to the SSL312, turn on the concentrator and verify the following: • The PWR (power) light goes on page 1-2. Prepare a PC with the static IP address configured, you can restore them later. 2. If...
SSL312 User Manual
Page 23
... the browser window allow you have logged in, the following Status screen will display. NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 2. Note: Both the user name and password are case-sensitive. 4. When prompted, enter admin for the User Name and password for the Password, both in to continue. Figure 2-3 3. Once you to access and configure administrative settings. Click Login to log in lower case letters. Installing the SSL312 2-5 v2.1, November 2008 A certificate security warning...
... the browser window allow you have logged in, the following Status screen will display. NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 2. Note: Both the user name and password are case-sensitive. 4. When prompted, enter admin for the User Name and password for the Password, both in to continue. Figure 2-3 3. Once you to access and configure administrative settings. Click Login to log in lower case letters. Installing the SSL312 2-5 v2.1, November 2008 A certificate security warning...
SSL312 User Manual
Page 25
...Installing the SSL312 2-7 v2.1, November 2008 b. c. Enter at least one DNS server IP address. NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual • Configure Ethernet interface IP addresses To prepare for Internet access. Click Apply. 2. Select the Network link. In the Network menu, click the Interfaces radio button. Type your corporate firewall. The Default Gateway for the ethernet-1 interface. • If you plan a single arm topology, the Default Gateway is your new Password and re-type to Confirm Password. Change the Ethernet port IP Addresses...
...Installing the SSL312 2-7 v2.1, November 2008 b. c. Enter at least one DNS server IP address. NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual • Configure Ethernet interface IP addresses To prepare for Internet access. Click Apply. 2. Select the Network link. In the Network menu, click the Interfaces radio button. Type your corporate firewall. The Default Gateway for the ethernet-1 interface. • If you plan a single arm topology, the Default Gateway is your new Password and re-type to Confirm Password. Change the Ethernet port IP Addresses...
SSL312 User Manual
Page 26
... corporate network, open a suitable browser and access the SSL VPN Concentrator web management interface by typing https:///portal/SSL-VPN. 4. Turn on your SSL VPN Concentrator. You can be reached by typing https://, where IP_address is connected to the SSL VPN Concentrator. If you assigned to the SSL312 Ethernet Port that the SSL server, such as admin using the following steps: 1. NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual e. From a PC on the power to the user's browser. Click Apply. Turn off the power to the SSL VPN Concentrator and connect it...
... corporate network, open a suitable browser and access the SSL VPN Concentrator web management interface by typing https:///portal/SSL-VPN. 4. Turn on your SSL VPN Concentrator. You can be reached by typing https://, where IP_address is connected to the SSL VPN Concentrator. If you assigned to the SSL312 Ethernet Port that the SSL server, such as admin using the following steps: 1. NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual e. From a PC on the power to the user's browser. Click Apply. Turn off the power to the SSL VPN Concentrator and connect it...
SSL312 User Manual
Page 28
NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Figure 2-5 2. Fill out all of the fields with the appropriate information. This information will appear in your certificate and will be visible to users. 2-10 v2.1, November 2008 Installing the SSL312 The Create CSR screen displays. 3. In the Digital Certificate Management section, click New CSR/CRT.
NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual Figure 2-5 2. Fill out all of the fields with the appropriate information. This information will appear in your certificate and will be visible to users. 2-10 v2.1, November 2008 Installing the SSL312 The Create CSR screen displays. 3. In the Digital Certificate Management section, click New CSR/CRT.
SSL312 User Manual
Page 84
... that also has the IP address 10.0.0.45). • If you assign an entirely different subnet to the VPN Tunnel Clients than the subnet used by the corporate network, you must create access policies to block undesirable traffic at the SSL VPN Concentrator rather than VPN Tunnel. NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual • Detects and reroutes individual data streams to the Port Forwarding connection rather than opening up a full tunnel to...
... that also has the IP address 10.0.0.45). • If you assign an entirely different subnet to the VPN Tunnel Clients than the subnet used by the corporate network, you must create access policies to block undesirable traffic at the SSL VPN Concentrator rather than VPN Tunnel. NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual • Detects and reroutes individual data streams to the Port Forwarding connection rather than opening up a full tunnel to...
SSL312 User Manual
Page 94
... IP settings configuration, also configure SSL VPN Concentrator DNS settings and network routes. Click Apply to those subnets. 7-4 Additional System Configuration v2.1, November 2008 From the Network screen, you must configure static routes to save your settings. Click Apply to the default gateway address. 3. Note: The SSL VPN Concentrator administrative session will be the address of an IP address. NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 5. If the interface is in conjunction with a network firewall. Static Route Configuration If your web...
... IP settings configuration, also configure SSL VPN Concentrator DNS settings and network routes. Click Apply to those subnets. 7-4 Additional System Configuration v2.1, November 2008 From the Network screen, you must configure static routes to save your settings. Click Apply to the default gateway address. 3. Note: The SSL VPN Concentrator administrative session will be the address of an IP address. NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 5. If the interface is in conjunction with a network firewall. Static Route Configuration If your web...
SSL312 User Manual
Page 22
... to the SSL VPN Concentrator to as the subnet mask. 3. NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 2. The initial administrative setup of the SSL VPN Concentrator. 4. Configure your browser and entering https://192.168.1.1 (for management is https://10.0.0.1. 2-4 Installing the SSL312 v1.1, November 2006 Connect to the SSL312 by opening your PC with the static IP address configured, you are connected to Ethernet Port 2 IP, the default address is referred to configure the Management Interface settings To log into the SSL VPN Concentrator web management...
... to the SSL VPN Concentrator to as the subnet mask. 3. NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual 2. The initial administrative setup of the SSL VPN Concentrator. 4. Configure your browser and entering https://192.168.1.1 (for management is https://10.0.0.1. 2-4 Installing the SSL312 v1.1, November 2006 Connect to the SSL312 by opening your PC with the static IP address configured, you are connected to Ethernet Port 2 IP, the default address is referred to configure the Management Interface settings To log into the SSL VPN Concentrator web management...
SSL312 User Manual
Page 25
... the browser window, select the Network link. c. Configure the DNS server IP address. In the Network menu, click the DNS Settings radio button. Specify the Default Gateway Address. a. Type your Internet Service Provider's gateway. a. d. In the Network menu, click the Interfaces radio button. b. In the Users table, click on admin. Click Apply. 4. Change the Ethernet port IP Addresses. Select the Network link. NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual • Configure a default route • Configure Ethernet interface IP addresses Follow these steps to...
... the browser window, select the Network link. c. Configure the DNS server IP address. In the Network menu, click the DNS Settings radio button. Specify the Default Gateway Address. a. Type your Internet Service Provider's gateway. a. d. In the Network menu, click the Interfaces radio button. b. In the Users table, click on admin. Click Apply. 4. Change the Ethernet port IP Addresses. Select the Network link. NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual • Configure a default route • Configure Ethernet interface IP addresses Follow these steps to...
SSL312 User Manual
Page 82
... - The Firefox browser is defined in the Network menu. Create a static route on the corporate network's firewall to forward local traffic intended for example, if your laptop has a network interface IP address of the VPN Tunnel Client does not conflict with addresses on your local network. VPN Tunnel supports Version 1.4 (Tiger). • Browsers. NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual • Detects and reroutes individual data streams to the Port Forwarding connection rather than opening up a full tunnel to the corporate...
... - The Firefox browser is defined in the Network menu. Create a static route on the corporate network's firewall to forward local traffic intended for example, if your laptop has a network interface IP address of the VPN Tunnel Client does not conflict with addresses on your local network. VPN Tunnel supports Version 1.4 (Tiger). • Browsers. NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual • Detects and reroutes individual data streams to the Port Forwarding connection rather than opening up a full tunnel to the corporate...