Netgear SSL312 Installation Manual [zh]

Application Note
SSL312 VPN Concentrator: Integration with Microsoft Active Directory
Summary
The SSL312 is a versatile tool that allows end users to connect to the corporate network from any remote location with internet access. Since SSL is not VPN, there is no need for client software. The end user opens the desired application, such as email, enters the user name and password to authenticate, and a secure connection is created. This document discusses how to use Active Directory as the authentication service.
This document provides a step-by-step procedure for configuring the SSL312 to use Active Directory (AD) to authenticate users. It is intended for users who currently use Microsoft Active Directory and want to integrate the SSL312 with AD. Integrating the SSL312 with AD greatly reduces the administration time otherwise spent adding users to the SSL, because it reuses the user settings that already exist in AD.
Even though there are generic references to Active Directory procedures, it is recommended to use a Microsoft technical training document for Active Directory configurations. This document is not a good source for settings, configurations, or troubleshooting of Active Directory.
This document elaborates on and does not replace the NETGEAR® ProSafe® SSL VPN Concentrator 25 SSL312 Reference Manual, sections 3 through 10. Windows Active Directory is one of many authentication options on the SSL VPN concentrator. For more options, please refer to the SSL 312 VPN Concentrator user manual on the NETGEAR support site.
Active Directory is a centralized location for managing services, such as user authentication for your remote SSL VPN users. Since company users and their access information are defined on the AD server, what you need to do on the SSL 312 box is configure the AD domain. This will give access to all your users on the AD server.
Configuring SSL312 for Integration with Active Directory
Active Directory authentication servers support a group and user structure that can be queried when an Active Directory user logs in. This means that you can create Policies and Bookmarks for Active Directory users at the group level without needing to define Active Directory users in the SSL VPN concentrator. Policies and Bookmarks provide end users with access to company resources such as applications and servers. When a user logs in, if no corresponding user name is configured on the local database, then the SSL VPN Concentrator will query the Active Directory server for the list of groups to which the user belongs.
Once you create an Active Directory domain, you can add groups that correspond with groups on your Active Directory server. If the Active Directory user is configured in the SSL VPN concentrator, then the SSL VPN concentrator will ignore the AD group information and, instead, implement policies and bookmarks based on the settings of the group to which the user belongs.
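The lookup order described above means a user name defined locally on the concentrator keeps its local group even when that user's group membership changes in AD. The following Python sketch is an added example, not NETGEAR code: it models that order and lists local accounts that shadow an AD account. All user names, group names and data structures are constructed for illustration, and the filtering of AD groups to those defined on the appliance is an assumption.

```python
# Constructed sample data: not exported from a real SSL312 or AD server.
LOCAL_USERS = {"jsmith": "Sales", "admin": "Admins"}   # appliance local database: user -> group
APPLIANCE_GROUPS = {"Sales", "Engineering", "Admins"}  # groups added under the AD domain
AD_MEMBERSHIP = {                                       # AD server: user -> groups
    "jsmith": {"Engineering", "Domain Users"},
    "mlee": {"Sales", "Domain Users"},
}


def effective_groups(username, local_users, ad_membership, appliance_groups):
    """Return (source, groups) following the lookup order the note describes."""
    if username in local_users:
        # A local entry wins: the AD group information is ignored.
        return "local", {local_users[username]}
    # No local entry: use the AD group list, limited to groups the appliance
    # knows about (assumption: unmatched AD groups carry no policies).
    return "ad", ad_membership.get(username, set()) & appliance_groups


def shadowed_accounts(local_users, ad_membership):
    """List local users that also exist in AD with a local group AD does not give them."""
    findings = []
    for user, local_group in sorted(local_users.items()):
        ad_groups = ad_membership.get(user)
        if ad_groups is not None and local_group not in ad_groups:
            findings.append((user, local_group, sorted(ad_groups)))
    return findings


if __name__ == "__main__":
    for name in ("jsmith", "mlee"):
        print(name, effective_groups(name, LOCAL_USERS, AD_MEMBERSHIP, APPLIANCE_GROUPS))
    for user, local_group, ad_groups in shadowed_accounts(LOCAL_USERS, AD_MEMBERSHIP):
        print(f"review: {user} is pinned to local group {local_group}; AD lists {ad_groups}")
```

Accounts reported by `shadowed_accounts` are the ones to review when AD is meant to be the single source of group membership.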
Confirming Connectivity
Before configuring the SSL VPN concentrator to authenticate through Active Directory, it is important to check connectivity, as well as make some preliminary configurations.
To confirm connectivity:
1. Make sure that Active Directory is functioning properly.
2. Ensure that there is IP communication between the AD server and the SSL box. Ping the SSL box from the AD server, and use the Diagnostics menu on the SSL box to ping the AD server and, if applicable, perform a DNS lookup.
Preliminary Configurations
There are a few procedures to configure in preparation for AD, which are Portal Layouts, Groups, and User configurations. For detailed step-by-step procedures for configuring Portal Layouts, Groups, and Users, please refer to the Reference Manual found on the support site at http://kbserver.netgear.com/main.asp.
Portal Layouts
Portal Layouts allow you to create a custom page that remote users will see when they log into the portal. Because the page is completely customizable, it provides the ideal way to communicate remote access instruction, support information, technical contact info, or VPN-related news updates to remote users. The page is also well-suited as a starting page for restricted users; if mobile users or business partners are only permitted to access a few files or web URLs, the page you create will only show those links relevant to these users.
Custom Portals are accessed at a different URL than the default portal. For example, if your SSL VPN portal is hosted at https://vpn.company.com, and you created a portal layout named “sales”, then users will be able to access the sub-site at https://vpn.company.com/portal/sales.
Configuring Users and Groups
It is important to understand the policy hierarchy. There are Global Policies that apply to all groups and users accessing the SSL VPN concentrator and Group Policies that apply to all users. The following list describes the hierarchy: