
Secure Remote Access Technical Solution Guide v1.0
4.1 Secure Remote Access Solution topology
Figure 2 on page 13 depicts a basic topology for a non-resilient solution. Connecting clients can
be anywhere on the global Internet. When using IPsec, clients launch a software client, which
connects to the VPN Gateway after resolving the public domain name system (DNS) name.
When using SSL-VPN, a browser is used to connect to the Gateway through a URL such as
https://sslvpn.example.com. Although many scenarios are possible, a simple and time-tested
configuration is to place the VPN Gateway behind an Internet-facing screening router or firewall.
This router or firewall restricts access to the DMZ to application traffic based on protocol ports.
You can choose to deploy one or more access modes.
4.1.1 Required DMZ access policies
Based on the access modes used, configure the following minimal rules to allow client traffic to
connect to the VPN Gateway on the appropriate service addresses, also known as Virtual
Internet Protocol addresses (VIP).
Access mode                                      Protocol/ports allowed to reach VIPs
SSL-VPN Clientless (web applications)            TCP 443
SSL-VPN Enhanced Clientless (web and             TCP 443
  client-server applications)
SSL-VPN NetDirect                                TCP 443
SSL-VPN NetDirect FastPath (optional)            UDP 5000, 5001 (optional)
IPsec                                            UDP 500 (IKE)
                                                 IP Protocol 50 (IPsec ESP)
                                                 UDP 10001 (recommended port for NAT traversal)
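The table above is easy to mis-transcribe into a firewall, so the following added example (not part of the guide, and not the vendor's tooling) encodes it as data, derives the minimal rule set for the access modes you deploy, audits an existing permit list for both gaps and over-permissive entries, and renders iptables commands for the screening router. The mode names and the VIP 203.0.113.10 are assumptions chosen for the example.

```python
from typing import Iterable, NamedTuple, Optional


class Rule(NamedTuple):
    proto: str           # "tcp", "udp", or "esp" (IP protocol 50, no port)
    port: Optional[int]  # destination port on the VIP; None for ESP


# Minimal inbound rules per access mode, taken from the table in 4.1.1.
# Mode names are this example's own shorthand, not the guide's.
MODE_RULES: dict[str, set[Rule]] = {
    "ssl-clientless":          {Rule("tcp", 443)},
    "ssl-enhanced-clientless": {Rule("tcp", 443)},
    "ssl-netdirect":           {Rule("tcp", 443)},
    "ssl-netdirect-fastpath":  {Rule("udp", 5000), Rule("udp", 5001)},
    "ipsec": {Rule("udp", 500), Rule("esp", None), Rule("udp", 10001)},
}


def _sort_key(r: Rule) -> tuple:
    return (r.proto, r.port if r.port is not None else 0)


def required_rules(modes: Iterable[str]) -> set[Rule]:
    """Union of the rules the deployed access modes need; rejects unknown modes."""
    rules: set[Rule] = set()
    for mode in modes:
        if mode not in MODE_RULES:
            raise ValueError(f"unknown access mode: {mode}")
        rules |= MODE_RULES[mode]
    return rules


def audit(allowed: Iterable[tuple], modes: Iterable[str]) -> tuple:
    """Compare what the screening firewall currently permits towards the VIP
    with the minimal set. Returns (missing, unexpected): missing rules break
    the access mode, unexpected ones widen the DMZ exposure."""
    have = {Rule(proto, port) for proto, port in allowed}
    need = required_rules(modes)
    return sorted(need - have, key=_sort_key), sorted(have - need, key=_sort_key)


def render_iptables(vip: str, modes: Iterable[str]) -> list[str]:
    """Emit iptables FORWARD rules for the minimal set, closed by an explicit
    DROP so nothing else reaches the VIP (vip is a constructed sample value)."""
    cmds = []
    for r in sorted(required_rules(modes), key=_sort_key):
        if r.proto == "esp":  # ESP has no ports: match on IP protocol 50
            cmds.append(f"iptables -A FORWARD -d {vip} -p 50 -j ACCEPT")
        else:
            cmds.append(f"iptables -A FORWARD -d {vip} -p {r.proto} --dport {r.port} -j ACCEPT")
    cmds.append(f"iptables -A FORWARD -d {vip} -j DROP")
    return cmds
```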