Allowing Remote Users to Access a Private Network Using SSL VPN

This example shows how to use SSL VPN to give remote users access to a corporate internal network.

The topology shows a remote user trying to reach an internal server inside a corporate network. With an SSL VPN tunnel, the connection between the remote user and the private server is encrypted.

Step 1: Creating local user  

Select Object > User. In the Local User tab, under Local Server, click New > User.

  • Name: user1
  • Password: 123456
  • Confirm Password: 123456

Step 2: Configuring SCVPN address pool

Select Network > VPN > SSL VPN, and click Address Pool. In the prompt, click New.

  • Address Pool Name: pool1

  • Start IP: 20.1.1.2

  • End IP: 20.1.1.200

  • Mask: 255.255.255.0

  • DNS1: 10.160.65.60

  • WINS1: 10.160.65.61

Step 3: Creating tunnel interface

Select Network > Zone, and click New.

  • Zone: VPN
  • Type: Layer 3 Zone

Select Network > Interface, and click New > Tunnel Interface.

  • Interface Name: tunnel1
  • Binding Zone: Layer 3 Zone
  • Zone: VPN
  • Type: Static IP
  • IP Address: 20.1.1.1
  • Netmask: 24

Note: The tunnel interface must be in the same network segment as the SSL VPN address pool.

Step 4: Configuring SCVPN

Select Network > VPN > SSL VPN, and click New.

In the Name/Access User tab:

  • SSL VPN Name: ssl1
  • AAA Server: select local, and click Add

In the Interface tab:

  • Egress Interface 1: ethernet0/5

  • Service port: 4433

  • Tunnel Interface: tunnel1

  • Address Pool: pool1

In the Tunnel Route tab:

  • IP: 10.160.65.0

  • Netmask: 255.255.248.0

The tunnel route must be in the same network segment as the internal server ("Server1").

Step 5: Creating policy from VPN to any

Select Policy > Security Policy, and click New.

  • Name: policy
  • Source Information
    • Zone: VPN
    • Address: Any
  • Destination Information
    • Zone: trust
    • Address: Any
  • Other Information
    • Service/Service Group: Any
  • Action: Permit

Step 6: Results

After configuration, the remote user enters the address "https://153.34.29.1:4433" in a browser. The browser shows the login page. Enter the username and password ("user1" and "123456").

The browser prompts you to download the VPN client. Follow the steps to download and install the SCVPN client.

The remote user opens the Hillstone Secure Connect client and enters the information below:

  • Server: 10.160.65.51
  • Port: 4433
  • Username: user1
  • Password: 123456

When the icon in the taskbar turns green, the client is connected. The remote user can then access the internal server via SSL VPN.
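
The notes in Steps 3 and 4 (tunnel interface in the pool's segment, tunnel route covering the internal server) can be checked before the values are entered in the GUI. The following Python sketch is an added example, not Hillstone code; the function name `check_plan` and the `PAGE_PLAN` dictionary are assumptions made for illustration, and the addresses are the ones from Steps 2-4.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def check_plan(tunnel_ip, tunnel_prefix, pool_start, pool_end, pool_mask,
               route_ip, route_mask, servers):
    """Return findings for an SSL VPN address plan (empty list = consistent)."""
    findings = []
    iface = ipaddress.ip_interface(f"{tunnel_ip}/{tunnel_prefix}")
    pool_net = ipaddress.ip_network(f"{pool_start}/{pool_mask}", strict=False)
    start, end = ipaddress.ip_address(pool_start), ipaddress.ip_address(pool_end)

    # Step 3 note: tunnel interface and address pool share one segment.
    if iface.network != pool_net or end not in pool_net:
        findings.append("tunnel interface and pool are in different segments")
    # The gateway address must never be leased to a client.
    if start <= iface.ip <= end:
        findings.append("tunnel interface IP lies inside the pool range")
    # A pool in public space can shadow real Internet destinations for clients.
    if not any(pool_net.subnet_of(n) for n in RFC1918):
        findings.append(f"pool {pool_net} is outside RFC 1918 private space")

    # Step 4 note: the tunnel route has to cover the internal servers.
    route = ipaddress.ip_network(f"{route_ip}/{route_mask}", strict=False)
    if str(route.network_address) != route_ip:
        findings.append(f"route {route_ip}/{route_mask} has host bits set; "
                        f"network is {route}")
    for name, addr in servers.items():
        if ipaddress.ip_address(addr) not in route:
            findings.append(f"{name} {addr} is not covered by tunnel route {route}")
    return findings

# Values taken from Steps 2-4 of this page.
PAGE_PLAN = dict(tunnel_ip="20.1.1.1", tunnel_prefix=24,
                 pool_start="20.1.1.2", pool_end="20.1.1.200",
                 pool_mask="255.255.255.0",
                 route_ip="10.160.65.0", route_mask="255.255.248.0",
                 servers={"DNS1": "10.160.65.60", "WINS1": "10.160.65.61"})

if __name__ == "__main__":
    for finding in check_plan(**PAGE_PLAN):
        print("WARN:", finding)
```

Run against the page's values, the segment checks pass and both name servers are covered by the route; the two findings are that 20.1.1.0/24 is not RFC 1918 space and that 10.160.65.0 with mask 255.255.248.0 denotes the network 10.160.64.0/21.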