Chapter 18 SSL VPN

Table 78 SSL VPN Commands

COMMAND
    DESCRIPTION

[no] eps periodical-check <1..1440>
    Sets the number of minutes to have the ZyWALL repeat the endpoint security check at a regular interval. The no command disables this setting.

[no] network-extension {activate | ip-pool address_object | 1st-dns {address_object | ip} | 2nd-dns {address_object | ip} | 1st-wins {address_object | ip} | 2nd-wins {address_object | ip} | network address_object}
    Use this to configure a VPN tunnel between the authenticated users and the internal network. This allows the users to access the resources on the network as if they were on the same local network.
    ip-pool: specify the name of the pool of IP addresses to assign to the user computers for the VPN connection.
    Specify the names of the DNS or WINS servers to assign to the remote users. This allows them to access devices on the local network using domain names instead of IP addresses.
    network: specify a network users can access.

[no] network-extension traffic-enforcement
    Forces all SSL VPN client traffic to be sent through the SSL VPN tunnel. The no command disables this setting.

[no] user user_name
    Specifies the user or user group that can use the SSL VPN access policy.

sslvpn policy move <1..16> to <1..16>
    Moves the specified SSL VPN access policy to the number that you specified.

sslvpn no connection username user_name
    Terminates the user’s SSL VPN connection and deletes corresponding session information from the ZyWALL.

no sslvpn policy profile_name
    Deletes the specified SSL VPN access policy.

sslvpn policy rename profile_name profile_name
    Renames the specified SSL VPN access policy.

show workspace application
    Displays the SSLVPN resources available to each user when logged into SSLVPN.

show workspace cifs
    Displays the shared folders available to each user when logged into SSLVPN.

18.2.2 Setting an SSL VPN Rule Tutorial

Here is an example SSL VPN configuration. The SSL VPN rule defines:

- Only users using the “tester” account can use the SSL VPN.

- The ZyWALL will assign an IP address from 192.168.100.1 to 192.168.100.10 (defined in object “IP-POOL”) to the computers which match the rule’s criteria.

- The ZyWALL will assign two DNS server settings (172.16.1.1 and 172.16.1.2 defined in objects DNS1 and DNS2) to the computers which match the rule’s criteria.

- The SSL VPN users are allowed to access the ZyWALL’s local network, 172.16.10.0/24 (defined in object “Network1”).

- Users have to access the SSL VPN using a computer that complies with all the following criteria (defined in object “EPS-1”):

    - Windows XP is installed.

    - TrendMicro PC-Cillin Internet Security 2007 is installed and activated.
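A rule like this one can be reviewed offline before it goes live. The following Python sketch is an added example, not part of this guide or of ZyXEL's software: it reads one policy's sub-commands from Table 78 and reports settings that are missing, disabled or out of range. The one-command-per-line input text, the function name audit_policy and the rule that an absent or "no" setting counts as off are assumptions of the example.

```python
# Added example, not ZyXEL code. Input is a constructed list of one policy's
# sub-commands; the device's real "show" output format is not assumed.
SAMPLE = """\
user tester
network-extension activate
network-extension ip-pool IP-POOL
network-extension 1st-dns DNS1
network-extension 2nd-dns DNS2
network-extension network Network1
no network-extension traffic-enforcement
eps periodical-check 2000
"""

def audit_policy(text):
    """Return findings for one SSL VPN policy's sub-commands."""
    on = {}  # enabled setting -> its arguments
    for raw in text.splitlines():
        words = raw.split()
        negated = words[:1] == ["no"]
        if negated:
            words = words[1:]
        if not words:
            continue
        # Key is "user", "eps periodical-check" or "network-extension <option>".
        n = 1 if words[0] == "user" else 2
        key, args = " ".join(words[:n]), words[n:]
        if negated:
            on.pop(key, None)   # assumption: the "no" form turns the setting off
        else:
            on[key] = args
    findings = []
    if not on.get("user"):
        findings.append("no user or user group bound to the policy")
    if "network-extension activate" in on:
        for opt in ("ip-pool", "network"):
            if not on.get("network-extension " + opt):
                findings.append("network extension active without " + opt)
        if "network-extension traffic-enforcement" not in on:
            findings.append("traffic-enforcement off: not all client traffic "
                            "is forced through the tunnel")
    check = on.get("eps periodical-check")
    if check is None:   # assumption: an absent setting is disabled
        findings.append("endpoint security check is not repeated")
    elif not (check and check[0].isdigit() and 1 <= int(check[0]) <= 1440):
        findings.append("eps periodical-check outside <1..1440>")
    return findings

if __name__ == "__main__":
    for finding in audit_policy(SAMPLE):
        print("FINDING:", finding)
```

The constructed sample deliberately carries two problems, a disabled traffic-enforcement setting and a periodical-check value above 1440, so both are reported.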

 


ZyWALL (ZLD) CLI Reference Guide