Documente Academic
Documente Profesional
Documente Cultură
Overview
This document provides instructions on how to configure the SSL VPN feature on the D-Link
DSR-1000AC. SSL VPN is a form of VPN that can be used with any standard web browser.
SSL VPN doesn’t require the installation of specialized client software on end users’computers, and
is ideal for applications including file sharing, remote backup and remote system management.
Situation note
In this scenario, all application servers of the headquarter are located in the 192.168.10.0/24 subnet.
We are going to configure the DSR router to allow remote PCs to access the application servers via
an SSL VPN tunnel. The VPN tunnel does not handle local Internet traffic of clients, reducing the
traffic overhead for the tunnel.
How to configure SSL VPN features and troubleshooting in DSR series 3
Configuration Instructions
1. Before configuring the SSL VPN tunnel, the remote management feature must be enabled via the
Maintenance -> Management -> Remote Management page.
Make sure the Enable Remote Management option is enabled and the HTTPS Port No is set to 443.
How to configure SSL VPN features and troubleshooting in DSR series 4
2. Next, go to the Security -> Authentication-> Internal Users Database page and add a new user group and
account for the SSL VPN.
How to configure SSL VPN features and troubleshooting in DSR series 5
Click on the Group tab and then click the Add New Group button to configure a new group.
Configure the parameters on the Group Configuration page with the values below:
Description: SSLVPN
Next, click the Users tab and then click the Add New User button to configure a new user.
Configure the parameters on the User Configuration page with the values below:
Password: test1
3. Go to the VPN -> SSL VPN -> Portal Layouts page and create a new SSL VPN portal layout.
How to configure SSL VPN features and troubleshooting in DSR series 8
Configure the parameters on the SSL VPN Portal Layout Configuration page with the values below:
Group: SSLVPN
4. Go to the VPN -> SSL VPN -> SSL VPN Client page. On this page, the administrator can configure the IP address
range and DNS information that will be allocated to SSL VPN clients.
Configure the parameters on the SSL VPN Client page with the values below:
5. Go to the VPN -> SSL VPN Server Policy page and create a policy rule to allow the SSL VPN users to access the
remote network.
How to configure SSL VPN features and troubleshooting in DSR series 11
Configure the parameters on the SSL VPN Server Policies Configuration page with the values below:
Begin: 0
End: 65535
Service: All
Permission: Permit
How to configure SSL VPN features and troubleshooting in DSR series 12
6. Go to the VPN -> SSL VPN: Resource page, and click Add New Resource to create a policy rule which resource
users can access.
Configure the parameters on the SSL VPN Resources Configuration page with the values below:
ICMP: On
Mask Length: 24
Begin: 0
End: 65535
The SSL VPN tunnel is now configured on the DSR router. In order to successfully connect to the SSL VPN through the DSR
router using Internet Explorer, follow the instructions below.
How to configure SSL VPN features and troubleshooting in DSR series 13
7. In Internet Explorer, go to Tools -> Internet Options and click on the Security tab. In this window, check the
Enable Protected Mode box for Internet.
In the same window, click on the Trusted Sites icon, and check the Enable Protected Mode for Trusted Sites.
How to configure SSL VPN features and troubleshooting in DSR series 14
8. Next, in the Trusted Sites window, click the Sites button. In the pop up window, add the DSR’s WAN IP to the
list, and check the Require Server Verification box.
9. Navigate to Internet Options -> Advanced, and check the Enable Enhanced Protected Mode checkbox in
the Security section of the list.
How to configure SSL VPN features and troubleshooting in DSR series 15
10. Navigate to Internet Options -> Security -> Trusted Sites and click the Custom level button. Look for the
Download Unsigned ActiveX controls option in the list and set it to Enable.
11. In Windows, navigate to the User Accounts panel and go to the User Account Control Settings. Here,
move the slider down to the Notify me when programs makes changes to my computer level.
12. Open the Java Control Panel and add the WAN IP of DUT to the Exception Site List.
13. Launch Internet Explorer using the Run as Administrator option and browse to the DSR SSL VPN URL.
When prompted to log in, enter the user credentials previously created on the DSR router. In this case, enter the
user name and password test1 and click Login.
How to configure SSL VPN features and troubleshooting in DSR series 18
Once logged in, click on the VPN Tunnel tab in the top panel of the page.
How to configure SSL VPN features and troubleshooting in DSR series 19
Next, click on the SSL VPN Tunnel client icon below SSL VPN Tunnel Client Installer / Launcher.
To verify if the VPN tunnel connection was successfully established, you should be able to remotely ping and
access the DSR’s internal LAN network.
Visit our website for more information
www.dlink.com
D-Link, D-Link logo, D-Link sub brand logos and D-Link product trademarks are trademarks or registered trademarks of D-Link Corporation and its subsidiaries.
All other third party marks mentioned herein are trademarks of the respective owners.