Document title Document version Date created

: : :

SSL VPN remote access procedures 1.1 25 December 2010

****************************************************************************************** Changes to document : To incorporate establishment of SSL VPN tunnel via static and dynamic WAN IP addresses ****************************************************************************************** The computer network at Answers-In-Law (AIL) has 2 broadband Internet links from: 1. Time Telekom using a static WAN IP address of 211.24.177.17 2. Telekom Malaysia using a dynamic WAN IP address. A dynamic IP address means that the address as provided by the service provider changes every time the broadband link or the router is reset. The router is automatically provisioned with a new IP address whenever this occurs. This document illustrates the steps and procedures to: 1. install the SSL VPN (Secure Sockets Layer Virtual Private Network) client plug-in software via either the static or dynamic IP address. 2. establish the connection from a remote PC/notebook via the Internet to the computing resources at the office. 3. disconnect the VPN session.

The 2 broadband links allow the remote user to establish a SSL VPN session via either of the 2 links from Time Telekom or Telekom Malaysia, therefore, in the event either of the broadband links is down (or faulty), a remote user can still establish the SSL VPN session.

A. INSTALLING THE SSL VPN CLIENT PLUG-IN 1. In the browsers address bar, type https://211.24.177.18:10443 (for the Time Telekom link) or type in the following address for Telekom Malaysias link: https://ailpj.dyndns.org:10443. 2. The following steps are the same for either of the addresses entered in the browsers address bar. 3. Screen below will be displayed. Click on Continue to this website (not recommended)

Page 1 of 10

CONFIDENTIAL

4. Login screen below will be displayed. Key in user name and click on Login (note: individual users will be assigned their own user names and passwords).

Page 2 of 10

CONFIDENTIAL

5. In the following screen, scroll down the Tunnel Mode window, click on the link Click here to download and install it. This installs the SSL VPN plug-in which is required for the tunneling function of the SSL VPN client.

Scroll down

6. When the window below pops up, click Run to download the software.

Page 3 of 10

CONFIDENTIAL

7. In the window below, click on Run again

8. Click on Install in the window below and installation of the software will begin.

9. Click on Close once the installation is completed.

Page 4 of 10

CONFIDENTIAL

10. Close the browser (Internet Explorer, Mozilla Firefox, Google Chrome, etc) and open the browser again to activate the plug-in software. 11. In the browser, enter again the URL: https://211.24.177.18:10443 and click on Continue to this website (not recommended). In the Login screen, enter the Username and password in the Login screen. Click on Login 12. You may see the same screen again as in no. 4 above but please note the warning message bar above the Welcome to SSL VPN Service banner. Move the mouse over to highlight the message and click on it to run the add-on. A small window pops up.

Page 5 of 10

CONFIDENTIAL

13. Click on Run Add-on.

14. Click on Run.

Page 6 of 10

CONFIDENTIAL

B. ESTABLISHING THE SSL VPN CONNECTION 1. The screen below will be displayed, click on Connect to establish the VPN link (note: the screen may differ from the one shown below but the Tunnel Mode window should be displayed. Click on the Connect button to proceed with establishing the SSL VPN session.

Page 7 of 10

CONFIDENTIAL

2. Once the VPN link is established, the following screen will be displayed. Your PC/notebook is now connected remotely to the office network over the Internet.

Page 8 of 10

CONFIDENTIAL

3. To connect to your server, open another browser tab and enter the IP address of the server, in this example, we are connecting to the Call Center Server. Once the Login screen is shown, it means we are able to remotely and securely connect to the device. To connect to the Call Center Server, enter the IP address of the server i.e. https://192.168.0.11 and the following screen will be displayed.

Open a new browser tab here

Page 9 of 10

CONFIDENTIAL

C. DISCONNECTING THE SSL VPN SESSION 1. When you wish to disconnect the VPN session, go back to the SSL VPN tab as shown below and click on Disconnect.

2. The message FortiClient SSL VPN offline is shown, indicating the VPN session has been disconnected.

Page 10 of 10

CONFIDENTIAL