Firewall SSL VPN Configuration Example (Local Authentication)

2022-06-23 20:04:02 Published

Network Topology


The red line represents the security policy configuration method.

Configuration Steps

1. Configure Security Policy:

security-zone name untrust
 import interface FWwan
 import interface sslvpn-ac 1
 quit
security-zone name trust
 import interface gigabitethernet FWlan
 quit
#
security-policy ip
 #
 rule name ssl1
  source-zone local
  destination-zone untrust
  source-ip-host FWwan
  destination-ip-host ssl-host
  action pass
  quit
 #
 rule name ssl2
  source-zone untrust
  destination-zone local
  source-ip-host ssl-host
  destination-ip-host FWwan
  action pass
  quit
 #
 rule name ssl3
  source-zone local
  destination-zone trust
  source-ip-host FWlan
  destination-ip-host LanServer
  action pass
  quit
 #
 rule name ssl4
  source-zone trust
  destination-zone local
  source-ip-host LanServer
  destination-ip-host FWlan
  action pass
  quit
 #
 rule name ssl5
  source-zone untrust
  destination-zone trust
  source-ip-subnet SSLAC-Subnet
  destination-ip-host LanServer
  action pass
  quit
 #
 rule name ssl6
  source-zone trust
  destination-zone untrust
  source-ip-host LanServer
  destination-ip-subnet SSLAC-Subnet
  action pass
  quit

2. Configure SSLVPN:

interface GigabitEthernet0/0
 port link-mode route
 description LAN-interface
 combo enable copper
 ip address 192.168.1.1 255.255.255.0
 tcp mss 1280
#
interface GigabitEthernet0/1
 port link-mode route
 ip address 1.1.1.2 255.255.255.0
#
interface GigabitEthernet0/2
 port link-mode route
 ip address 2.2.2.2 255.255.255.0
#
interface SSLVPN-AC1
 ip address 10.1.1.100 255.255.255.0
#
acl advanced 3000
 rule 0 permit ip source 10.1.1.0 0.0.0.255 destination 2.2.2.0 0.0.0.255
#
local-user admin class manage
 service-type telnet http
 authorization-attribute user-role network-admin
#
local-user sslvpnuser class network
 password simple 123456
 authorization-attribute user-role network-operator
 authorization-attribute sslvpn-policy-group resourcegrp
#
sslvpn ip address-pool sslvpnpool 10.1.1.1 10.1.1.10
#
sslvpn gateway gw
 ip address 1.1.1.2 port 4430
 service enable
#
sslvpn context ctxip
 gateway gw
 ip-tunnel interface SSLVPN-AC1
 ip-tunnel address-pool sslvpnpool mask 255.255.255.0
 ip-route-list rtlist
  include 2.2.2.0 255.255.255.0
 policy-group resourcegrp
  filter ip-tunnel acl 3000
  ip-tunnel access-route ip-route-list rtlist
 service enable
#
return
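The pieces of step 2 have to agree with each other: the address pool must sit inside the SSLVPN-AC1 subnet, ACL 3000 must permit traffic sourced from that pool, and every network in the ip-route-list must be permitted by the filter ACL, otherwise clients either lose access or are routed into a tunnel that drops their traffic. The following Python script is an added consistency check, not part of the original example; it parses a constructed excerpt of the configuration above and assumes the only advanced ACL present is the one referenced by filter ip-tunnel.

```python
import ipaddress
import re
# Constructed sample: only the tunnel-related lines of step 2 above, not a live device dump.
SAMPLE_CONFIG = """\
interface SSLVPN-AC1
 ip address 10.1.1.100 255.255.255.0
acl advanced 3000
 rule 0 permit ip source 10.1.1.0 0.0.0.255 destination 2.2.2.0 0.0.0.255
sslvpn ip address-pool sslvpnpool 10.1.1.1 10.1.1.10
sslvpn context ctxip
 ip-route-list rtlist
  include 2.2.2.0 255.255.255.0
 policy-group resourcegrp
  filter ip-tunnel acl 3000
"""
def acl_net(addr, wildcard):
    # Invert the ACL wildcard explicitly: a 0.0.0.0 wildcard is one host, not a /0 netmask.
    netmask = 0xFFFFFFFF ^ int(ipaddress.IPv4Address(wildcard))
    return ipaddress.ip_network(f"{addr}/{ipaddress.IPv4Address(netmask)}", strict=False)

def parse(config):
    """Collect the SSLVPN-AC subnet, address pool, permit rules (assumed to be the filter ACL) and route list."""
    ac_net = pool = None
    acl_rules, routes, block = [], [], ""
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):
            block = line  # top-level command that opened the current view
        if block.startswith("interface SSLVPN-AC") and (m := re.match(r"ip address (\S+) (\S+)$", line)):
            ac_net = ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False)
        elif m := re.match(r"sslvpn ip address-pool \S+ (\S+) (\S+)$", line):
            pool = (ipaddress.IPv4Address(m[1]), ipaddress.IPv4Address(m[2]))
        elif m := re.match(r"rule \d+ permit ip source (\S+) (\S+) destination (\S+) (\S+)$", line):
            acl_rules.append((acl_net(m[1], m[2]), acl_net(m[3], m[4])))
        elif m := re.match(r"include (\S+) (\S+)$", line):
            routes.append(ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False))
    return ac_net, pool, acl_rules, routes

def check(config):
    """Return findings; an empty list means pool, filter ACL and route list agree."""
    ac_net, pool, acl_rules, routes = parse(config)
    findings = []
    if not all(ip in ac_net for ip in pool):
        findings.append(f"pool {pool[0]}-{pool[1]} lies outside the SSLVPN-AC subnet {ac_net}")
    if not all(any(ip in src for src, _ in acl_rules) for ip in pool):
        findings.append(f"pool {pool[0]}-{pool[1]} is not matched by any filter ACL source")
    for route in routes:
        if not any(route.subnet_of(dst) for _, dst in acl_rules):
            findings.append(f"route {route} is pushed to clients but the filter ACL does not permit it")
    return findings
```

To check a live device, feed check() the text of display current-configuration instead of the sample; it returns one line per mismatch.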

Key Configuration

Configure Security Policy
