Configuration Guide

How to configure SSL VPN features

and troubleshooting in DSR series

Overview

This document provides instructions on how to configure the SSL VPN feature on the D-Link
DSR-1000AC. SSL VPN is a form of VPN that can be used with any standard web browser.
SSL VPN doesn’t require the installation of specialized client software on end users’computers, and
is ideal for applications including file sharing, remote backup and remote system management.

Firmware version: v3.11

 How to configure SSL VPN features and troubleshooting in DSR series 2

Situation note
In this scenario, all application servers of the headquarter are located in the 192.168.10.0/24 subnet.
We are going to configure the DSR router to allow remote PCs to access the application servers via
an SSL VPN tunnel. The VPN tunnel does not handle local Internet traffic of clients, reducing the
traffic overhead for the tunnel.
 How to configure SSL VPN features and troubleshooting in DSR series 3

Configuration Instructions
1. Before configuring the SSL VPN tunnel, the remote management feature must be enabled via the
Maintenance -> Management -> Remote Management page.

Make sure the Enable Remote Management option is enabled and the HTTPS Port No is set to 443.
 How to configure SSL VPN features and troubleshooting in DSR series 4

2. Next, go to the Security -> Authentication-> Internal Users Database page and add a new user group and
account for the SSL VPN.
 How to configure SSL VPN features and troubleshooting in DSR series 5

Click on the Group tab and then click the Add New Group button to configure a new group.

Configure the parameters on the Group Configuration page with the values below:

Group Name: SSLVPN

Description: SSLVPN

User Type: Network

SSLVPN User: Enable

 How to configure SSL VPN features and troubleshooting in DSR series 6

Next, click the Users tab and then click the Add New User button to configure a new user.

Configure the parameters on the User Configuration page with the values below:

User Name: test1

First Name: test1

Last Name: test1

Select Group: SSLVPN

Password: test1

Confirm Password: test1

 How to configure SSL VPN features and troubleshooting in DSR series 7

3. Go to the VPN -> SSL VPN -> Portal Layouts page and create a new SSL VPN portal layout.
 How to configure SSL VPN features and troubleshooting in DSR series 8

Configure the parameters on the SSL VPN Portal Layout Configuration page with the values below:

Portal Layout Name: SSLVPNTEST

Login Profile Name: default

Portal Site Title (optional): SSLVPN

Banner Title (optional): SSLVPN

Banner Message: SSLVPN

Display banner message on login page: Enabled

HTTP Meta Tags for Cache Control (recommended): Enabled

ActiveX Web Cache Cleaner: Enabled

Authentication Type: Local User Database

Group: SSLVPN

VPN Tunnel page: Enabled

Port Forwarding: Enabled

 How to configure SSL VPN features and troubleshooting in DSR series 9

4. Go to the VPN -> SSL VPN -> SSL VPN Client page. On this page, the administrator can configure the IP address
range and DNS information that will be allocated to SSL VPN clients.

Configure the parameters on the SSL VPN Client page with the values below:

Full Tunnel Support: Enabled

Client Address Range Begin: 192.168.251.1

Client Address Range End: 192.168.251.254

LCP Timeout: 60 Minutes

 How to configure SSL VPN features and troubleshooting in DSR series 10

5. Go to the VPN -> SSL VPN Server Policy page and create a policy rule to allow the SSL VPN users to access the
remote network.
 How to configure SSL VPN features and troubleshooting in DSR series 11

Configure the parameters on the SSL VPN Server Policies Configuration page with the values below:

Policy Type: Group

Available Group: SSLVPN

Apply Policy to: All Addresses

Policy Name: SSLVPN

Begin: 0

End: 65535

Service: All

Permission: Permit
 How to configure SSL VPN features and troubleshooting in DSR series 12

6. Go to the VPN -> SSL VPN: Resource page, and click Add New Resource to create a policy rule which resource
users can access.

Configure the parameters on the SSL VPN Resources Configuration page with the values below:

Resource Name: sslvpnresource

Service: VPN Tunnel

ICMP: On

Object Type: IP Network

Object Address: 192.168.100.0

Mask Length: 24

Begin: 0

End: 65535

The SSL VPN tunnel is now configured on the DSR router. In order to successfully connect to the SSL VPN through the DSR
router using Internet Explorer, follow the instructions below.
 How to configure SSL VPN features and troubleshooting in DSR series 13

7. In Internet Explorer, go to Tools -> Internet Options and click on the Security tab. In this window, check the
Enable Protected Mode box for Internet.

In the same window, click on the Trusted Sites icon, and check the Enable Protected Mode for Trusted Sites.
 How to configure SSL VPN features and troubleshooting in DSR series 14

8. Next, in the Trusted Sites window, click the Sites button. In the pop up window, add the DSR’s WAN IP to the
list, and check the Require Server Verification box.

9. Navigate to Internet Options -> Advanced, and check the Enable Enhanced Protected Mode checkbox in
the Security section of the list.
 How to configure SSL VPN features and troubleshooting in DSR series 15

10. Navigate to Internet Options -> Security -> Trusted Sites and click the Custom level button. Look for the
Download Unsigned ActiveX controls option in the list and set it to Enable.

11. In Windows, navigate to the User Accounts panel and go to the User Account Control Settings. Here,
move the slider down to the Notify me when programs makes changes to my computer level.

Note: that accessing

the User Accounts
settings page may
vary based on which
version of Windows
you are using.
 How to configure SSL VPN features and troubleshooting in DSR series 16

12. Open the Java Control Panel and add the WAN IP of DUT to the Exception Site List.

Note: If the Java

Control Panel is not
available, verify that
the Java software
is installed on your
device.
 How to configure SSL VPN features and troubleshooting in DSR series 17

13. Launch Internet Explorer using the Run as Administrator option and browse to the DSR SSL VPN URL.

When prompted to log in, enter the user credentials previously created on the DSR router. In this case, enter the
user name and password test1 and click Login.
 How to configure SSL VPN features and troubleshooting in DSR series 18

Once logged in, click on the VPN Tunnel tab in the top panel of the page.
 How to configure SSL VPN features and troubleshooting in DSR series 19

Next, click on the SSL VPN Tunnel client icon below SSL VPN Tunnel Client Installer / Launcher.

In the window below, click Continue.

 How to configure SSL VPN features and troubleshooting in DSR series 20

In the window below, click Execute.

 How to configure SSL VPN features and troubleshooting in DSR series 21

To verify if the VPN tunnel connection was successfully established, you should be able to remotely ping and
access the DSR’s internal LAN network.
 Visit our website for more information
www.dlink.com
D-Link, D-Link logo, D-Link sub brand logos and D-Link product trademarks are trademarks or registered trademarks of D-Link Corporation and its subsidiaries.
All other third party marks mentioned herein are trademarks of the respective owners.

Copyright © 2017 D-Link Corporation. All Rights Reserved.