7. Virtual Private Networking Using SSL Connections
The wireless VPN firewall provides a hardware-based SSL VPN solution designed specifically to
provide remote access for mobile users to their corporate resources, bypassing the need for a
preinstalled VPN client on their computers. Using the familiar Secure Sockets Layer (SSL)
protocol, commonly used for e-commerce transactions, the wireless VPN firewall can
authenticate itself to an SSL-enabled client, such as a standard web browser. Once the
authentication and negotiation of encryption information are completed, the server and client can
establish an encrypted connection. With support for up to 5 dedicated SSL VPN tunnels, the
wireless VPN firewall allows users to easily access the remote network for a customizable,
secure, user portal experience from virtually any available platform.
This chapter contains the following sections:
• SSL VPN Portal Options
• Overview of the SSL Configuration Process
• Configure Domains, Groups, and Users
• Configure Applications for Port Forwarding
• Configure the SSL VPN Client
• Use Network Resource Objects to Simplify Policies
• Configure User, Group, and Global Policies
• Access the New SSL Portal Login Screen
SSL VPN Portal Options
The wireless VPN firewall’s SSL VPN portal can provide two levels of SSL service to the
remote user:
• SSL VPN tunnel. The wireless VPN firewall can provide the full network connectivity of a
VPN tunnel using the remote user’s browser instead of a traditional IPSec VPN client.
The SSL capability of the user’s browser provides authentication and encryption,
establishing a secure connection to the wireless VPN firewall. Upon successful
connection, an ActiveX-based SSL VPN client is downloaded to the remote computer to
allow the remote user to virtually join the corporate network.
The SSL VPN client provides a point-to-point (PPP) connection between the client and
the wireless VPN firewall, and a virtual network interface is created on the user’s