VPN

8

Configuring SSL VPN

Accessing SSL VPN Portal

The SSL VPN portal displays a message reminding users to install the Cisco AnyConnect Secure Mobility Client software, which is required to connect to the SSL VPN server. The software installers are on the CD that is packed with the device, or you can download them from Cisco.com. See Installing Cisco AnyConnect Secure Mobility Client, page 375.

You can access the SSL VPN portal from the WAN side in a web browser by using the HTTPS protocol. You must first enable the SSL VPN feature on the security appliance, and then enter the entire address pair “Gateway IP address:Gateway port number” in the address bar to access the SSL VPN portal.

Allowing SSL VPN Clients to Access the Internet

Enabling Client Internet Access will automatically create advanced NAT rules to allow SSL VPN clients to access the Internet over SSL VPN tunnels. This section provides an example of manually configuring advanced NAT rules to allow SSL VPN clients to access the Internet over SSL VPN tunnels.

STEP 1 Assume that you have enabled the SSL VPN feature and configured the gateway settings as follows.

Field                  Setting
Gateway Interface      WAN1
Gateway Port           443
Certificate File       default
Client Address Pool    192.168.200.0
Client Netmask         255.255.255.0

STEP 2 If only a single WAN interface is configured, go to the Firewall > NAT > Advanced NAT page to create an advanced NAT rule as follows.

Field                  Setting
Name                   SSLVPN_to_WAN1

Cisco ISA500 Series Integrated Security Appliances Administration Guide

382
