
Secure Remote Access Technical Solution Guide v1.0
Design recommendation: When possible, use Clientless Mode for application access.
4.2.2.2 Enhanced Clientless Mode for client/server
Enhanced Clientless Mode uses Java applets to enable client/server communication. These
applets are automatically launched by preconfigured portal links on the SSL-VPN. The following
enhanced clientless features are provided:
4.2.2.2.1 Port forwarder
The port-forwarder applet can redirect UDP/TCP client connections through an encrypted tunnel
to the VPN Gateway, where they are then proxied to the actual application server. Multiple ports
can be forwarded at the same time, and no client reconfiguration is necessary: the client's own
name resolution is adjusted so that the application server hostname resolves to a local address,
which the applet listens on. Furthermore, the port-forwarder applet can automatically launch the
required client application when it is initialized. This function can be used to launch a native
e-mail client, such as Outlook.
Several predefined link types are available for applications, including Windows Terminal Services,
Microsoft Outlook, Windows Drive Mapping, and SMTP/POP/IMAP-based e-mail clients. You can
define custom port-forwarder links for additional application support.
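The following Python sketch is an added illustration of the mechanism described above; it is not code from this guide or from Nortel's applet. It shows the two parts a port forwarder needs: a hosts-file style entry that makes the client application resolve the server hostname to the loopback address, and a local listener that accepts the client's connection and relays it onward. In the product the onward leg is the SSL tunnel to the VPN Gateway; here it is a plain TCP connection to a constructed stand-in server (an assumption made so the example runs offline). The hostname `mail.example.internal`, the `SERVER:` reply prefix and all function names are constructed for the example.

```python
"""Minimal local TCP port forwarder (added example, not the guide's code).

The client application connects to a listener on 127.0.0.1; the listener
relays bytes to a target. In the real product that target leg is the
encrypted tunnel to the VPN Gateway. Here it is a plain TCP connection to a
constructed stand-in application server, so the example runs offline.
"""
import socket
import threading

LOCAL_IP = "127.0.0.1"


def hosts_entry(hostname: str, local_ip: str = LOCAL_IP) -> str:
    """Hosts-file line that makes the client application resolve the
    application server hostname to the local listener address."""
    return f"{local_ip}\t{hostname}"


def _pump(src: socket.socket, dst: socket.socket) -> None:
    """Copy bytes from src to dst until src reaches EOF, then half-close dst."""
    try:
        while True:
            chunk = src.recv(4096)
            if not chunk:
                break
            dst.sendall(chunk)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


class LocalForwarder:
    """Listens on loopback and relays each accepted connection to target."""

    def __init__(self, target: tuple, listen_port: int = 0):
        self.target = target
        self.listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self.listener.bind((LOCAL_IP, listen_port))  # port 0 = pick a free port
        self.listener.listen(16)
        self.port = self.listener.getsockname()[1]
        threading.Thread(target=self._accept_loop, daemon=True).start()

    def _accept_loop(self) -> None:
        while True:
            try:
                client, _ = self.listener.accept()
            except OSError:  # listener closed
                return
            threading.Thread(target=self._relay, args=(client,), daemon=True).start()

    def _relay(self, client: socket.socket) -> None:
        # Onward leg: in the product this is the SSL tunnel to the VPN Gateway.
        upstream = socket.create_connection(self.target, timeout=5)
        back = threading.Thread(target=_pump, args=(upstream, client), daemon=True)
        back.start()
        _pump(client, upstream)   # client -> server direction
        back.join()               # wait for server -> client direction
        client.close()
        upstream.close()

    def close(self) -> None:
        self.listener.close()


def start_stub_server() -> socket.socket:
    """Constructed stand-in for the application server behind the gateway:
    answers one request with a 'SERVER:' prefix so the round trip is visible."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((LOCAL_IP, 0))
    srv.listen(16)

    def serve() -> None:
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            with conn:
                conn.sendall(b"SERVER:" + conn.recv(4096))

    threading.Thread(target=serve, daemon=True).start()
    return srv


def forward_roundtrip(payload: bytes) -> bytes:
    """Send payload through the local forwarder and return the server reply."""
    srv = start_stub_server()
    fwd = LocalForwarder(srv.getsockname())
    try:
        with socket.create_connection((LOCAL_IP, fwd.port), timeout=5) as c:
            c.sendall(payload)
            c.shutdown(socket.SHUT_WR)
            reply = b""
            while True:
                chunk = c.recv(4096)
                if not chunk:
                    break
                reply += chunk
        return reply
    finally:
        fwd.close()
        srv.close()


if __name__ == "__main__":
    print(hosts_entry("mail.example.internal"))
    print(forward_roundtrip(b"hello"))
```

Because the application only ever sees a loopback address, the forwarder is the single point where the onward leg is encrypted and where connections can be logged; this is why the guide notes that the applet works without reconfiguring the client.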
4.2.2.2.2 Citrix applet
You can enable the Citrix support applet in the SSL-VPN portal to provide seamless support for
secure Citrix application delivery. This applet supports all Citrix client types, including Java,
ActiveX (Web Client), and Program Neighborhood, and provides the following benefits:
No changes required on Citrix Server
No per-server configuration required on VPN portal
Supports complex environments, including large Citrix Server Farms
Support for NFuse and web interface web application portals, including single sign-on
from VPN logon to application access
4.2.2.2.3 Terminal applet
The terminal applet provides a built-in Java terminal emulator that supports connecting to hosts
through telnet and Secure Shell (SSH).
4.2.2.2.4 HTTP proxy applet
In some cases, complex web applications cannot be supported directly by the HTML/JavaScript
rewriter in the SSL-VPN portal. In those cases, you can use an HTTP proxy applet to allow the
web browser to connect to a Java-based proxy, which tunnels all requests to the VPN Gateway
and bypasses HTML/JavaScript rewriting.
4.2.2.3 NetDirect
NetDirect is the required SSL-VPN mode for supporting complex applications such as IP
Telephony. The NetDirect client can be launched automatically when the portal is displayed, or it
can be manually launched by the user. If VoIP applications are used only occasionally, Nortel
recommends that you allow the user to launch NetDirect only when needed.
4.2.2.3.1 Split tunneling
The split tunneling feature for the IPsec and NetDirect access modes sends only intranet traffic
through the VPN; Internet traffic goes directly to its destination without passing through the VPN
Gateway. As a general recommendation, disable split tunneling: a compromised remote access
client that is reachable directly from the Internet could otherwise be used as a bridge into the
intranet. If an IP Phone