Résumé du contenu de la page N° 1
Citrix NetScaler Application Switch
SSL VPN User’s Guide for the Windows®
Platform
Release 7.0
Citrix Systems, Inc.
Résumé du contenu de la page N° 2
© CITRIX SYSTEMS, INC., 2005. ALL RIGHTS RESERVED. NO PART OF THIS DOCU- MENT MAY BE REPRODUCED OR TRANSMITTED IN ANY FORM OR BY ANY MEANS OR USED TO MAKE DERIVATIVE WORK (SUCH AS TRANSLATION, TRANSFORMA- TION, OR ADAPTATION) WITHOUT THE EXPRESS WRITTEN PERMISSION OF CITRIX SYSTEMS, INC. ALTHOUGH THE MATERIAL PRESENTED IN THIS DOCUMENT IS BELIEVED TO BE AC- CURATE, IT IS PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IM- PLIED. USERS MUST TAKE ALL RESPONSIBILITY FOR THE USE OR APPLICATION
Résumé du contenu de la page N° 3
BroadCom is a registered trademark of BroadCom Corporation. Fast Ramp, NetScaler, and NetScal- er Request Switch are trademarks of Citrix Systems, Inc. Linux is a registered trademark of Linus Torvalds. Internet Explorer, Microsoft, PowerPoint, Windows and Windows product names such as Windows NT are trademarks or registered trademarks of the Microsoft Corporation. NetScape is a registered trademark of Netscape Communications Corporation. Red Hat is a trademark of Red Hat, Inc. Sun and Sun M
Résumé du contenu de la page N° 4
Résumé du contenu de la page N° 5
Contents Chapter 1 - SSL VPN Overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1 1.1 SSL VPN : Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1 Chapter 2 - Getting Started . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1 2.1 System Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1 2.2 Using the SSL VPN Browser Plug-in . . . . . . . . . . . . . . . . . . . . . . . . 2-1 2.3 Using the SSL VPN Age
Résumé du contenu de la page N° 6
Contents 4.2.3 Managing Domain Conflicts. . . . . . . . . . . . . . . . . . . . . . . . . . . .4-11 4.2.4 Managing Network Conflicts . . . . . . . . . . . . . . . . . . . . . . . . . . .4-13 4.2.5 Local LAN Access When Split Tunneling is Disabled . . . . . . . . . . .4-14 Chapter 5 - Troubleshooting the SSL VPN Client . . . . . . . . . . . . . . . 5-1 5.1 Debugging the SSL VPN Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-1 5.2 SSL VPN Session Error Codes. . . . . . . . . . .
Résumé du contenu de la page N° 7
Chapter 1 SSL VPN Overview SSL VPN is a secure remote access solution that provides point-to-point com- munication between remote users, such as mobile employees, partners, or resellers, and a private enterprise network. It does so by creating a secure SSL-based tunnel between a user's computer and the SSL VPN gateway. This allows authorized remote users to gain access to critical business resources such as corporate intranets, shared file systems, native client/server applica- tions, and te
Résumé du contenu de la page N° 8
SSL VPN Overview The agent is installed on your computer when you log on for the first time. You can configure it to log on directly to the gateway, without having to log on via the Web portal. This is known as the native login mode. Alternately, you can also log on to the gateway via the SSL VPN login page. The SSL VPN browser plug-in is an ActiveX control. While the feature set sup- ported by the plug-in is identical to that supported by the agent, it does not support native login. When ei
Résumé du contenu de la page N° 9
Chapter 2 Getting Started The preceding chapter covered the architectural details of the SSL VPN client. In this chapter you will learn to use both versions of the SSL VPN client and log on to the gateway and access intranet resources. 2.1 System Requirements The system requirements for the SSL VPN client are: Operating system: Microsoft Windows 98, Windows 2000, Windows NT, Win- dows XP, or Windows 2003 Server. Web browser: Internet Explorer, Firefox, Mozilla, NetScape, and Opera. Note When
Résumé du contenu de la page N° 10
Getting Started Figure 2-1 Security Alert window The security alert indicates that there might be discrepancies in the certificate. The possible issues are: • The certificate has expired. • The domain name in the certificate does not match the domain name of the server. • The certificate is not trusted. Click No and contact your SSL VPN administrator. If the SSL VPN administrator instructs you to click Yes, this alert is again displayed after you log on as shown in Figure 2-5. 2. The login
Résumé du contenu de la page N° 11
Getting Started Figure 2-2 SSL VPN Login page 3. Enter your user name and password and click Login. When you log on to the SSL VPN gateway for the first time, a security warning is displayed as shown in the following figure. This warning prompts you to download the browser plug-in. Figure 2-3 Security warning SSL VPN User’s Guide 2-3
Résumé du contenu de la page N° 12
Getting Started Note On a Windows XP-based system, the following dialog box is displayed. Figure 2-4 Security warning on a Windows XP-based computer 4. Click Yes. The Secure Remote Access Session window is displayed as shown in the following figure, and the plug-in begins to download. A "Load- ing..." message is also displayed in this window. Figure 2-5 Browser plug-in being loaded 2-4 SSL VPN User’s Guide
Résumé du contenu de la page N° 13
Getting Started 5. When the download has completed, the Secure Remote Access Session window displays the following message: "Closing this window will exit SSL VPN Session". This indicates that the SSL VPN session is now active. The portal page configured by the SSL VPN administrator is displayed in the main browser window, as shown in the following figure. Figure 2-6 Session window with the portal page in the background Note If you are not automatically prompted to download the plug-in aft
Résumé du contenu de la page N° 14
Getting Started Figure 2-7 Download prompt page Note For details on working with a pop-up blocker, especially for a computer running Windows XP with SP2, consult the SSL VPN administrator. You can now access resources on the remote site. For example, if you have logged on to your office network, you can launch your e-mail client and access your messages. 2.3 Using the SSL VPN Agent SSL VPN allows you to access authorized resources, on a remote intranet, over a secure connection. To establis
Résumé du contenu de la page N° 15
Getting Started Figure 2-8 The Security Alert window The security alert indicates that there might be discrepancies in the certificate. The possible issues are: • The certificate has expired. • The domain name in the certificate does not match the domain name of the server. • The certificate is not trusted. Click No and contact the SSL VPN administrator. If the SSL VPN administrator instructs you to click Yes, this alert is again displayed after you log on as shown in Figure 2-5. 2. The log
Résumé du contenu de la page N° 16
Getting Started Figure 2-9 SSL VPN Login page 3. Enter your user name and password and click Login. When you log on for the first time, the following download page is displayed. Click the link to download and install the agent. 2-8 SSL VPN User’s Guide
Résumé du contenu de la page N° 17
Getting Started Figure 2-10 Download page 4. When the agent is successfully installed, a security alert is displayed as shown in the following figure. Figure 2-11 Security warning SSL VPN User’s Guide 2-9
Résumé du contenu de la page N° 18
Getting Started 5. Click Yes. The portal page configured by the SSL VPN administrator is dis- played in the main browser window with the agent displayed in the system tray, as shown in the following figure. Figure 2-12 Portal page You can now access resources on the remote site. For example, if you have logged on to your office network, you can launch your e-mail client and access your messages. 2.4 Terminating the SSL VPN Session You can choose to terminate the SSL VPN session by either log
Résumé du contenu de la page N° 19
Getting Started nate an SSL VPN session. 2.4.1 Terminating the Session for the Agent The following procedure covers the steps to terminate the session for the agent. 1. Check the Windows system tray for the icon. This indicates that the agent is active and that you are currently logged on. Right-click the icon and select Logout from the short-cut menu. A message box is displayed as shown in the following figure. Figure 2-13 Confirmation message box 2. Click Yes. The Citrix Windows Cleanup
Résumé du contenu de la page N° 20
Getting Started 3. Select a cleanup option from the Select Cleanup Level box and click Cleanup. The cleanup process is initiated and the status is displayed on the dialog box as shown in the following figure. Figure 2-15 Cleanup dialog box with details 4. Once the cleanup process is completed successfully, click Exit. The follow- ing message is displayed and the icon changes to in the Windows sys- tem tray. Figure 2-16 Exit message 2-12 SSL VPN User’s Guide