Remote Access

Secure and Carefree

SSL VPN User Guide
(Applicable only to users who use the Windows
operating system)
Remote Access Process
1. Obtain the login information from the Login address:
administrator. List of FAQs
User name/Password:
The administrator should provide the address Q: What are the differences between user
for remote login as well as the user Soft certificate:
name/password, soft certificate, or USBKey USB key: name/password-based, soft certificate-
based on the login mode. Please properly keep based, and USBkey-based login?
them.
A: During user name/password-based login,

2. Select the desired content for access.
Read this document based on the content you
want to access. Different contents correspond
to different access modes. You can use your
browser to access some contents and install
independent client software to access other
contents.
In addition, the terminal, operating system, and
browser used for access vary according to
access contents.
you only need to enter the correct user name
and password on the login page.
During soft certificate- or USBKey-based
login, a certificate needs to be sent to the
gateway to complete identity authentication.
A software certificate is a type of certificate

If you want to access... Please use... If you want to use... Please read... in the format of a electronic document. It can
be used only after being installed on a
Access intranet web resources. Web proxy Browser 2->3->4 device. A certificate is stored in the USBKey.
After the USBKey is inserted in a device, the
View intranet files. File sharing Browser 2->3->5->6
gateway can call the certificate in the

Access intranet TCP USBKey during login.

Port Client software for TCP
applications, such as Telnet, 2->3->7 During soft certificate- or USBKey-based
forwarding applications
FTP, and Outlook applications.
login, you may be required to enter a correct
Network extension client or IE password besides providing a certificate.
Use PC to access all intranet SSL network
that has the ActiveX control 2->3->8->9->10
IP services. extension Whether a password is required based on
installed
the gateway configuration.

Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. P1

First Login
Using a browser to log in to the gateway
① Enter the gateway address in the address box of
the browser.
② (Optional) install the ActiveX control. (This step is
required only when the IE is used for login.)
③ You need to perform the following operations
based on the authentication mode used by the
gateway:
A. Enter the user name, password, and
verification code.
B. Enter the password and verification code, and
select a certificate.
C. Enter the verification code and select a
certificate.
④ Submit a terminal ID. After submitting the terminal
ID, contact the administrator for approval.

List of FAQs
Q: Which types of browsers are recommended to log in
to the gateway? A B C
A: The IE is recommended. If a non-IE browser is used
for login, some functions are available.
Q: What do I do when the web browser displays a
message on the security certificate error of the
website or an untrusted connection during the
access to the gateway?
A: Ignore the message and continue to establish the
connection with the gateway.
Q: How can I clear the alarm on the security certificate
error or untrusted connection?
A: The login page provides a button for you to
Click here to select Click here to select
download a CA certificate. Download a required CA a certificate. a certificate.
certificate and install it.
Q: Why are operation items for filling in a verification
code and submitting a terminal ID absent during the
login?
A: These operation items are available only after
related functions are configured on the gateway.
Q: What do I do if the verification code is unclear?
A: Click the verification code image to refresh the
verification code.

Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. P2

Operation GUI
Overview
① Operation buttons
 Home: You can click it to return to
the home page when you are on
other operation UIs.
 Options: You can click it to access
the page for modifying your
password, downloading the
network extension client, or
submitting the terminal ID.
 Help: You can click it to download
the Help document.
 Logout: You can click it for logout.
② Web Link URL: You can set it and click
Go to access the accessible intranet
web resources that are not listed in the
web proxy resource list.
③ Service area: may include the web
proxy, file sharing, port forwarding, and
network extension services. The
available services depends on the
gateway configuration.

List of FAQs
Q: After login, the page on the right side is
not displayed, but the Portal page is
displayed. What is the cause for the
case?
A: The Portal page push function is
configured on the gateway. You can
click links on the Portal page to access
desired intranet resources.
Q: Why is port forwarding enabled after
login?
A: The function of automatically enabling
port forwarding is enabled on the
gateway.

Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. P3

Web Proxy: Using a Browser to Access Intranet
Web Resources
Accessing intranet web resources
① Log in to the gateway through a browser and click
web resource links on the web proxy to access an
intranet web server.

List of FAQs
Q: Why cannot web proxy resources be accessed after
some software (such as ISA client) is enabled?
A: The software can change proxy settings of the
browser. Disable the software, log out of the gateway,
and log in to the gateway again for access attempts.
Q: Why cannot the web resource page be fully
displayed?
A: The page may include multiple links that are
configured as web proxy resources on the gateway.
Q: Why are some web proxy resources shown in the
figure unavailable?

A: The web proxy resources are available only after the

ActiveX control is installed. In addition, non-IE
browsers do not support the control.

List of supported browsers

IE Firefox Chrome Opera

6 to 11 4.0 to 30.0 10 to 20 9.0 to 12.0

Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. P4

File Sharing: Using a Browser to Access
Intranet Files
Accessing file sharing resources
① Log in to the gateway through a browser and click a
folder name under File Sharing.
② Enter the correct user name and password to log in
to the file server.

List of FAQs
Q: Are the user name and password for accessing the file
sharing service the same as those for logging in to the virtual
gateway?
A: They may be different. The user name and password for
accessing the file sharing service are those for logging in tot
he file server and depend on the file server configuration.
Q: Why can the content of a folder be viewed after I click the
folder name without entering the user name and password?
A: A correct user name and password are required only when
the service type of a file sharing resource is SMB. If the
service type of a file sharing resource is NFS, no user name
or password is required.
Q: What do I do if the message "Access failed. There is a server
error, please contact the administrator." displayed during the
access to file resources?
A: First, check whether the entered user name and password
are correct. If yes, contact the network administrator on
whether the file resource is shared and whether you have the
permission on the file resource.

List of supported browsers

IE Firefox Chrome Opera

6 to 11 4.0 to 30.0 10 to 20 9.0 to 12.0

Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. P5

File Sharing: Using a Browser to Access
Intranet Files
Monitoring file resources
After logging in to the file server, you can perform the following
operations on files:
① Download files: Click the desired file name for download, or
right-click the file name and choose Save Target As... from
the shortcut menu.
② Rename files (file folders): Select a file (file folder) and
click Rename. Enter a new name and click Rename.
③ Upload files: Click Upload, click Browse, select the file to
be uploaded, and click Start uploading.
④ Create a directory: Click NewFolder, enter a new directory
name, and click Create folder.
⑤ Delete files (file folders): Select a file (file folder) and
click Delete.
⑥ Set the number items that can be displayed on each page:
Set the number of items for each page to 5/10/20/30 in the
drop-down list.

List of FAQs
Q: What do I do if the message "Delete failed. There is a
nonempty directory" is displayed during the attempt to delete
a folder?
A: The message indicates that other files exist in the folder. To
delete the folder, open the folder and delete all files in the
folder.
Q: How can I return to the upper directory after accessing a
folder?
A: Click

Q: Why is the message "Rename file failed. You may not have
the correct permissions" displayed when I delete, rename,
upload, and create a directory for a file?
A: You have only the read permission on the file, but no the
operation permission. Contact the administrator of the file
server to obtain the required permission.

Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. P6

Port Forwarding: Accessing Intranet Applications
Enabling port forwarding
① Access the gateway through a browser and
enable port forwarding.
If the administrator enables automatic client
startup on the secure access gateway, port
forwarding will be automatically enabled when
users access the client page.

Supported mainstream applications

and protocols

IBM Notes MS remote

desktop

Telnet, SSH,
FTP, and HTTP

Supported operating systems and

browsers
Windows 2000 Professional SP3
or higher
Windows XP SP1 or higher
Windows Server 2000 SP3 or
higher
Windows Server 2003
Windows Vista 32/64-bit
Windows 7 32/64-bit
Windows 8 32/64-bit
32/64-bit
Windows Server 2008 32/64-bit
Accessing intranet applications
② You cannot directly click resources in
the resource list on the gateway UI for
access. Instead, you need to use
suitable clients for access. For example,
port forwarding provide Windows remote
desktop. After port forwarding is
6 to 11 enabled, the built in Windows remote
desktop of the Windows operating
system can be used to log in to an
intranet PC.

Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. P7

SSL Network Extension: Using a PC to Access
an Intranet
Using a browser to enable network extension

① Access the gateway through a browser and

enable network extension.

Supported operating systems

6 to 11
32/64-bit

32-bit 64-bit
Windows 2000 Professional
SP3 or higher A
Windows XP SP1 or higher

Windows Server 2000 SP3 or

higher
Status after network extension is enabled properly
Windows Server 2003 B A. The message "Starting network extension service succeeded" is
Windows Vista displayed on the operation GUI.
Windows 7 B. Move the mouse to the icon of the network extension client in the
lower right corner of the desktop and check the virtual IP address
Windows 8
assigned by the gateway to the device and information on the DNS
Windows Server 2008 server and sent & received packets.

Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. P8

SSL Network Extension: Using a PC to Access
an Intranet
Using a network extension client to enable
network extension
Downloading and installing the network
extension client
① Use a browser to log in to the gateway. Click Options.
② Click Download network extension client.
③ Install the independent client.
Using the network extension client for login
① Enter the gateway address in the URL. The user name and password are optional. If the gateway uses certificate
authentication, only the password is required or neither the user name nor password is required. Determine whether a
user name and password are required based on the login information obtained from the administrator.
② (Optional) When the certificate-based login mode is used, select a correct certificate in the dialog box (as shown in
figure 2) that is displayed after you click Login.
③ (Optional) When multiple virtual gateways are accessible, click IP OPTION. Right-click the blank part to add multiple
gateways. Select Auto Best Link Selected in figure 1. Then the client software will automatically access the gateway
with the minimum delay.
④ (Optional) Click Option to configure the proxy server, tunnel node, automatic startup, and automatic login.

You can access the network only after logging out of the
gateway that you have logged in through a browser.
Use the network extension client to log in to the gateway.

Supported operating systems

Windows 2000 Professional SP3 or higher

Windows XP SP1 or higher
Windows Server 2000 SP3 or higher
Windows Server 2003
Windows Vista 32/64-bit
Windows 7 32/64-bit
Windows 8 32/64-bit
Windows Server 2008 32/64-bit

Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. P9

SSL Network Extension: Using a PC to Access
an Intranet
List of FAQs
Q: Why does the system displays the message "Establishing proxy settings failed!" and the automatic reconnection dialog box when the network extension client is used to
enable network extension?
A: Cause 1: The attempt to establish an SSL connection between network extension system service program NemService and the virtual gateway/proxy server is blocked
by the firewall software installed on the user's PC.
Solution: Modify the firewall software configuration on the PC. To be specific, add %appdata%\svnclient\NemService.exe to the list of software whose connection to the
network is allowed by the firewall software.
Cause 2: When the message is displayed, prompting the user to click Permit or Forbidden for connecting the network extension system service program NemService to
the network, the user does not click Permit in the specified time period or click Forbidden.
Solution: When the message is displayed, prompting the user to click Permit or Forbidden for connecting the network extension system service program NemService to
the network, click Permit in the specified time period.

Q: What do I do if network extension cannot be enabled through a browser and the page of enabling network extension persists?
A: The address pool on the gateway has no available address, or addresses in the address pool conflict with other IP addresses of the gateway. Contact the gateway
administrator for processing.

Q: When I use the network extension client to enable network extension, what do I do if the system displays an error IP address?
A: The address pool on the gateway has no available address, or addresses in the address pool conflict with other IP addresses of the gateway. Contact the gateway
administrator for processing.

Q: When I use the network extension client to enable network extension, what do I do if the message "Connecting to the VPN gateway failed!" is displayed?
A: Cause 1: The proxy server setting on the network extension client is incorrect.
Solution: Open the network extension client. Click Option. In Proxy Setting, check the proxy server setting. Ensure that the proxy server setting is the same as that in
the actual networking.
Cause 2: The PC is unreachable to the virtual gateway/proxy server.
Solution: Configure the PC to ping the gateway address. If the ping fails, contact the network administrator for processing.

Q: Why cannot network extension be enabled when I use the network extension client and set the tunnel mode to Fast transfer mode?
A: A firewall device may exist between the PC and gateway, and UDP port 443 is disabled. Change the tunnel node to Reliable transfer mode.

Q: Are a user name and password required when the network extension client is used to enable network extension?
A: Not necessarily. When the gateway uses user name/password authentication, a user name and password are required. When the gateway uses certificate authentication,
only the password is required, or neither a user name nor a password is required.

Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. P10