Introduction
This technote describes how to set up a SonicWALL SSL-VPN appliance behind a Microsoft ISA Server on a Windows Small Business Server (SBS) network. The SBS has an external and an internal network card and ISA is configured in integrated mode. The procedures described in this technote have been tested on ISA 2004, but are similar for ISA 2000 and 2006.

Because the SSL-VPN uses the HTTPS protocol on port 443, inbound traffic addressed to port 443 needs to arrive at the SSL-VPN unchanged after traversing the ISA server. However, the ISA server acts as a proxy when you deploy the SSL-VPN as a Web server behind it and it does not support HTTPS CONNECT methods. When ISA intercepts the SSL traffic, it interprets the external HTTP CONNECT method as SSL-TUNNEL traffic with a CONNECT request (a CERN Proxy request), which is an outbound request, and ISA will drop it. When this happens, remote users will not be able to access various client applications including Telnet, SSH, VNC, NetExtender, RDP, and Virtual Assist when connecting through the SonicWALL SSL-VPN Web portal.

If the SBS is connected to a gateway device or router, the gateway or router must be configured to forward incoming SSL traffic on port 443 to the external network card of the Small Business Server. This port forwarding task is beyond the scope of this document.
Configuring ISA
The SonicWALL SSL-VPN must be published as a Server (not a Web Server) within ISA to allow the inbound SSL connection through the ISA firewall.
Configuration Tasks
You will need to perform the following tasks to configure ISA:
- Configure an inbound Protocol Definition for port 443.
- Configure a Server Publishing Rule for the SonicWALL SSL-VPN to make the server available to external users.
- Configure the incoming Web requests listener to ignore inbound SSL traffic.
6. Click OK.
To configure a Server Publishing Rule for the SonicWALL SSL-VPN, perform the following steps in the ISA management interface:
1. Start the Server Publishing Wizard.
2. Enter a descriptive name for the server, such as SonicWALL SSL-VPN.
3. On the General tab in the SonicWALL SSL-VPN Properties window, select the Enable check box.
4. Click the Action tab.
5. Enter the IP address of the SonicWALL SSL-VPN appliance in the IP address of internal server field.
6. Enter SSL as the Mapped server protocol. This is the SSL Protocol Definition created previously.
7. Click OK.
3. Click OK.
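A check to run once the three tasks are done, added here as an example and not part of the original technote or of SonicWALL's tooling: it compares the certificate presented on port 443 of the SBS external address with the one the appliance presents on its internal address. The script name and both host arguments are assumptions, and the machine running it is assumed to be able to reach both addresses.

```python
import hashlib
import socket
import ssl
import sys


def fetch_cert_der(host, port=443, timeout=5.0):
    """Return the DER-encoded leaf certificate presented at host:port."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Trust is deliberately not evaluated: the certificate is fetched only so
    # two endpoints can be compared (the appliance may use a self-signed one).
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def fingerprint(der):
    """SHA-256 fingerprint of a DER certificate, lowercase hex."""
    return hashlib.sha256(der).hexdigest()


def verdict(external_der, internal_der):
    """Compare what the outside sees with what the appliance presents."""
    if not external_der or not internal_der:
        return "no-certificate"
    if fingerprint(external_der) == fingerprint(internal_der):
        # Consistent with ISA forwarding port 443 untouched to the appliance.
        return "same-certificate"
    # Something other than the appliance is answering TLS on the external
    # address (for example a Web listener still bound to port 443).
    return "different-certificate"


if __name__ == "__main__":
    # Hypothetical usage: check_443.py EXTERNAL_HOST INTERNAL_HOST
    if len(sys.argv) != 3:
        sys.exit("usage: check_443.py EXTERNAL_HOST INTERNAL_HOST")
    ext_der = fetch_cert_der(sys.argv[1])
    int_der = fetch_cert_der(sys.argv[2])
    print("external:", fingerprint(ext_der))
    print("internal:", fingerprint(int_der))
    result = verdict(ext_der, int_der)
    print("result:  ", result)
    sys.exit(0 if result == "same-certificate" else 1)
```

A "different-certificate" result means the appliance is not the endpoint answering on the external address; a matching result does not by itself rule out the same certificate having been installed on ISA.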