Application Note

User Guide for the SSL312 VPN Concentrator

Summary

This guide provides instructions for using a web browser to remotely access resources on a corporate network through the NETGEAR SSL312 VPN Concentrator.

From a browser on a public PC (at an Internet cafe or airport, for example) you can securely and remotely:

  • Run an application, such as Microsoft Word or your company’s MRP program, from a corporate server.
  • Access a remote-enabled desktop on the corporate network.
  • Access the corporate network neighborhood for file sharing.
  • Run network utilities such as telnet or ftp.

From your own PC, you can make a full VPN connection to the corporate network.

Since your network administrator can customize what applications and resources are available to you, you may not have access to all of the functions described in this document.

A Problems and Solutions section is included at the end of this document.

Browser Requirements

All of the functionality of the SSL VPN connection depends on the browser. The browser must be compatible, must have the necessary settings, and must remain open while any of the SSL VPN functions are in use.

To use the services available from a public PC, your browser must meet the following requirements:

  • Internet Explorer 5.0 or greater
  • Java enabled

To make a VPN connection using VPN Tunnel or Port Forwarding, your browser must meet the following requirements:

  • Internet Explorer 5.0 or greater
  • Browser security settings must permit ActiveX files and ActiveX with active scripting

Logging In

You can log in securely to the SSL VPN portal from any computer with Internet connectivity. For many of the supported functions, no additional software is required other than a standard web browser with Java enabled.

  1. Open your Web browser.
  2. In the Address or Location field of your browser, type (not and enter the Web site name or IP address of the SSL VPN portal as shown in the following examples:

If your administrator has added a custom portal, you may need to type a longer address such as the following:

The login window should appear.

If a certificate warning message is displayed, see the Problems and Solutions section.

  3. Enter your user name and password and select your assigned Domain.
  4. Click Login. The portal page should appear.

If you have problems logging in, see the Problems and Solutions section at the end of this document.

Once you have logged into the SSL VPN portal, do not close the browser until you have finished using the services. Otherwise you will need to reopen the browser and log in to the SSL VPN portal again.

Applications

The Applications menu allows you to run any of the displayed applications from the corporate server through your browser. This feature is useful if you are logged in from a public PC or a PC that does not have the application installed. Running a single application can give improved performance compared to accessing the entire remote desktop.

To run a Terminal Services Application:

  1. Click on the icon for the desired application. If your network administrator has already configured a specific server to host this application, the application will open in a new window and you will skip the remaining steps. Otherwise, an address window will appear.
  2. Enter the Internet name or IP address of the server that will host this application.
  3. Select the size of the display window for viewing the remote desktop.
  4. Click Apply. The application will open in a new window.

Do not close the browser window that opened the application window. Closing this window will close the session to the application.

Notes:

  • If you are using Windows XP Professional with Service Pack 2, you must download and install an update in order to use the Terminal Services client. See the instructions at the end of this document.
  • If you are using a Macintosh, you must install Microsoft’s Remote Desktop Services client for the Mac. See the instructions at the end of this document.
  • If a dialog box is displayed to Import a self-signed certificate, contact your network administrator to determine whether to accept the certificate. To accept the certificate, click the Import link to add the certificate into your trusted root certificate store.

Remote Access

The Remote Access menu allows you to view and control a remote desktop to run applications, read or write files, and perform other advanced features. The remote computer must be running either Terminal Services Remote Desktop Protocol (RDP5) ActiveX or Virtual Network Computing (VNC) server software.

Use the Terminal Services client to connect to a remote computer with RDP enabled. Use the VNC client to connect to a remote computer running VNC server software. Your network administrator can tell you which client to use for a particular remote computer.

To connect to a remote desktop:

  1. In the Remote Access menu, click on the appropriate client (Terminal Services or VNC). An address entry window will open.
  2. Enter the Internet name or IP address of the remote computer to which you would like to connect.
  3. If you selected the Terminal Services client, select the size of the display window for viewing the remote desktop. This setting will not appear if you selected the VNC client.
  4. Click Apply.

If you selected the Terminal Services client, the client will first try to log in to the remote computer using your SSL VPN Portal user name and password. If this user name and password are not accepted, the Terminal Services client will prompt you for a user name and password, and then the remote desktop will be displayed.

If you selected the VNC client, you will be prompted for a password to connect to the remote computer, and then the remote desktop will be displayed.

Notes:

  • When using Internet Explorer to access the VNC client, you will receive an error message if Java is not installed on your PC. In this case, go to and download the Java platform.
  • If you are using Windows XP Professional with Service Pack 2, you must download and install an update in order to use the Terminal Services client. See the instructions at the end of this document.
  • If you are using a Macintosh, you must install Microsoft’s Remote Desktop Services client for the Mac. See the instructions at the end of this document.

Bookmarks

Bookmarks provide a convenient way for you to connect to remote computers that you will access frequently. To define a bookmark:

  1. Click Add Bookmark. An Add Bookmark window will be displayed.

  2. Enter a descriptive name in the Bookmark Name field.
  3. Enter the Internet name or IP address of the remote computer.
  4. Select the appropriate client (Terminal Services or VNC).
  5. If you selected the Terminal Services client, select the size of the display window for viewing the remote desktop. This setting will not appear if you selected the VNC client.
  6. If you selected the Terminal Services client, you can optionally enter the path of an application on the remote server (for example, C:\Program Files\Microsoft Office\EXCEL.EXE) in the Application field, or you can leave the field blank to access the entire desktop. This setting will not appear if you selected the VNC client.
  7. Click Add Bookmark.

The new bookmark will be displayed in the Bookmarks table. Click on a bookmark name to go to the location that you defined. You can Edit or Delete the bookmark by clicking on the links provided in the table.

Network Places

The Network Places menu displays a Network Neighborhood directory of the corporate network. Depending on sharing permissions, you can read or write files and folders in shared directories.

Utilities

The Utilities menu provides web-based clients for three basic network services: Telnet, SSH, and FTP.

Using the Telnet and SSH Clients

To use the Telnet or SSH client:

  1. Click on the Telnet or SSH icon. The server selection window opens.
  2. Enter either the Internet name (for example, server.company.com) or the IP address of the server to which you want to connect.
  3. Click Apply. If the server is available, a Telnet or SSH console screen will open.

For SSH, a small login box will open behind the console screen as shown below. Move the console screen to uncover the login box and enter your login info.

If the Telnet or SSH window displays a prompt, but does not appear to accept keyboard input, click on the white blinking cursor.

Using the FTP Client

The web-based FTP client allows you to download and upload files, make directories and rename files on the remote server. To use the FTP client:

  1. Click on the FTP icon. An FTP Add New Session window opens.

  2. Enter either the Internet name (for example, ftp.company.com) or the IP address of the FTP server to which you want to connect.
  3. If the FTP server uses the same login name and password as your SSL VPN portal, you can leave User Name and Password blank. Otherwise, enter the User Name and Password for the FTP server.
  4. Click Apply. If the server is available, an FTP Session window opens.

Click Download Files in the left navigation menu to download, delete or rename files. From this menu, you can:

  • Navigate to different directories on the FTP server by clicking on folder names or the Up link in the Filename listing. Alternatively, you can enter the desired location in the Go to directory field or click on a directory name in the Current Directory navigation bar.
  • Download a file by clicking on its filename in the Filename listing.
  • Rename a directory or file by selecting its checkbox and clicking the Rename button.
  • Delete a folder or file by selecting its checkbox and clicking the Delete Marked button.
  • Create a directory by entering a folder name in the Create new folder field and clicking Apply.

Click Upload Files in the left navigation menu to display the Upload FTP Files menu. To upload files, click a Browse button, select the file to upload from your computer, and then click Upload. Once the file has been successfully uploaded, the file will be displayed in the Download Files menu.

Multiple FTP sessions

Up to eight simultaneous FTP sessions per user may be opened by clicking Add New Session in the left navigation menu. To switch between active FTP sessions, click the desired FTP session link (user@ftpserver) in the left navigation menu. When an FTP session times out because of user inactivity, the FTP session link will disappear from the left navigation menu.

To end all active FTP sessions and close the FTP Session window, click Logout in the left navigation menu.

Bookmarks

Bookmarks provide a convenient way for you to connect to remote servers that you will access frequently. To define a bookmark, click Add Bookmark in the Bookmarks table. An Add Bookmark window will be displayed.

Port Forwarding

Your network administrator can configure the SSL VPN connection to allow specific applications on your PC to access specific services on the corporate network (for example, for your email application to send email through the company email server). Your access to these services is enabled in the Port Forwarding menu, which will install a small ActiveX program on your computer.

You do not need administrator privileges on your computer, but your web browser must meet the following requirements:

  • Internet Explorer (IE) 5.0 or greater
  • Browser security settings must permit ActiveX files and ActiveX with active scripting

To enable the Port Forwarding services for your computer:

  1. Select the Port Forwarding menu.

If you see “WARNING: Port Forwarding could not be installed,” verify the security settings of your Internet Explorer browser as described in the Problems and Solutions section.

  2. Click on the icon for Connect using Port Forwarding. A Port Forwarding icon will appear in your Windows Taskbar system tray.

Your network administrator can define specific TCP applications that you can access using Port Forwarding. To view the defined server addresses and application port numbers, double-click the Port Forwarding icon in the Windows Taskbar. In the connections table, you should see a list of available applications and servers. For more information, contact your network administrator.

To end the Port Forwarding connection, double-click the Port Forwarding icon in the Windows Taskbar and click Deactivate.

VPN Tunnel

Through the SSL VPN portal, you can create a full VPN tunnel to the corporate network, allowing you to mount network drives, upload and download files, and access resources in the same way as if you were physically connected to the corporate network.

To launch VPN Tunnel for the first time, you must have administrator privileges on your computer in order to install the necessary drivers. After the first time, you do not need administrator privileges. Your web browser must meet the following requirements:

  • Internet Explorer (IE) 5.0 or greater
  • Browser security settings must permit ActiveX files and ActiveX with active scripting

To enable a VPN Tunnel from your computer to the corporate network:

  1. Select the VPN Tunnel menu.
  2. Click on the icon for Connect using VPN Tunnel. A VPN Tunnel icon will appear in your Windows Taskbar system tray.

To end the VPN Tunnel connection, double-click the VPN Tunnel icon in the Windows Taskbar and click Disconnect.

Problems and Solutions

Certificate Warnings

When your browser makes an SSL connection, it receives a digital certificate file from the SSL server that uniquely identifies the server. Depending on how your company implemented the certificate, you may receive warnings from the browser. Contact your network administrator to determine whether to accept the certificate.

Java Error

If you receive an error message that Java is not installed on your PC, go to and download the Java platform.

If you are using Windows XP Professional with Service Pack 2, you must download and install an update in order to use the Terminal Services client. See the instructions at the end of this document.

Configure Your Browser’s Security Settings

The Port Forwarding and VPN Tunnel features require your browser security settings to permit ActiveX files and ActiveX with active scripting. Because some of the recommended settings are not advisable for general Internet sites, NETGEAR recommends that you add the SSL VPN portal to your browser’s Trusted sites zone, as described in a separate section. Then you should configure custom security settings for the Trusted sites.

To configure custom settings for Trusted sites in Internet Explorer:

  1. Select Internet Options from the web browser Tools menu.
  2. Select the Security tab in the Internet Options dialog window.
  3. Click the Trusted sites icon.
  4. Click Custom Level to view security settings for the Trusted sites zone.
  5. Scroll through the security settings to the section for ActiveX controls and plug-ins.
  6. Confirm that the following items are not disabled:
       • Download signed ActiveX controls
       • Initialize and script ActiveX controls not marked as safe
       • Run ActiveX controls and plug-ins
       • Script ActiveX controls marked safe for scripting

Adding a Trusted Site in Internet Explorer

To add the SSL VPN portal as a trusted site:

  1. Go to the SSL VPN portal login page.
  2. Press ALT+D to select the SSL VPN portal address, and press CTRL+C to copy it to the Windows Clipboard.
  3. In the Internet Explorer Tools menu, click Internet Options.
  4. Click the Security tab, then click Trusted Sites. The Internet Options Security configuration window will be displayed.
  5. Click the Sites button. The Trusted Sites dialog window will be displayed.
  6. In the Add this Web site to the zone box, press CTRL+V to paste the SSL VPN Portal web address.
  7. Click the Add button.
  8. Click OK twice.
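
The following PowerShell script is an added example, not part of NETGEAR's guide. It reads the current user's Internet Explorer zone settings from the registry to confirm that the four ActiveX settings listed above are not disabled for Trusted sites, that unsafe ActiveX scripting is not enabled for the general Internet zone, and which sites are in the Trusted sites zone. It assumes the settings are stored per user and are not enforced by Group Policy.

```powershell
# Added example: read-only audit of Internet Explorer zone settings for the current user.
# Assumes per-user settings under HKCU; Group Policy can override them from the Policies hive.
$inet   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$policy = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# URL action IDs for the four ActiveX settings the guide lists.
$actions = [ordered]@{
    '1001' = 'Download signed ActiveX controls'
    '1201' = 'Initialize and script ActiveX controls not marked as safe'
    '1200' = 'Run ActiveX controls and plug-ins'
    '1405' = 'Script ActiveX controls marked safe for scripting'
}

function Get-ZoneAction([int]$Zone, [string]$Action) {
    # Returns the raw DWORD, or $null when the value is not set for this user.
    $p = Get-ItemProperty -Path "$inet\Zones\$Zone" -Name $Action -ErrorAction SilentlyContinue
    if ($p) { $p.$Action }
}

function Get-TrustedSite {
    # Sites added by name live under ZoneMap\Domains\<domain>[\<host>]: value name = scheme,
    # data = zone number. Sites added by IP address are under ZoneMap\Ranges (not covered).
    Get-ChildItem -Path "$inet\ZoneMap\Domains" -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $key   = $_
            $parts = $key.Name.Substring($key.Name.IndexOf('\Domains\') + 9).Split('\')
            [array]::Reverse($parts)
            foreach ($scheme in $key.GetValueNames()) {
                if ($key.GetValue($scheme) -eq 2) { '{0}://{1}' -f $scheme, ($parts -join '.') }
            }
        }
}

# Trusted sites is zone 2: none of the four settings may be Disable (3).
# A value that is not set for this user is flagged so it can be checked in the dialog.
foreach ($id in $actions.Keys) {
    $v     = Get-ZoneAction -Zone 2 -Action $id
    $state = if ($null -eq $v) { 'not set' } elseif ($policy.ContainsKey([int]$v)) { $policy[[int]$v] }
             else { '0x{0:X}' -f $v }
    $ok    = ($null -ne $v) -and ($v -ne 3)
    '{0,-4} {1,-60} {2,-8} {3}' -f $id, $actions[$id], $state, $(if ($ok) { 'OK' } else { 'CHECK' })
}

# Internet is zone 3: scripting of unsafe ActiveX controls should not be enabled there.
if ((Get-ZoneAction -Zone 3 -Action '1201') -eq 0) {
    'WARNING: action 1201 is enabled in the Internet zone; keep it to Trusted sites only.'
}

'Trusted sites:'; Get-TrustedSite | Sort-Object -Unique
```

The Trusted sites list printed at the end should contain the SSL VPN portal address and no entries you do not recognize, since every site in that zone receives the relaxed ActiveX settings.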

Terminal Services 5.0 with Windows XP Professional SP2

If you are using Windows XP Professional with Service Pack 2, you will need to download and install an update for Service Pack 2 that provides support for alternative loopback addresses such as 127.0.0.2.

This only affects the ActiveX Terminal Services (5.0) client. The Java Terminal Services client does not require the SP2 update (KB884020).

If you try to connect to a Terminal Server from Windows XP SP2 and you see an error stating that the server cannot connect, but the Java-based Terminal Services client works fine, then you need to install the update patch.

To download the patch, go to: details.aspx?FamilyID=17d997d2-5034-4bbb-b74d-ad8430a1f7c8&DisplayLang=en

Download the patch and run it. You may need to restart Internet Explorer or reboot your machine before you can access the application.

Accessing Applications from a Macintosh

To access the functions of the SSL VPN portal using a Macintosh, you will need to install Microsoft’s Remote Desktop Services client for the Mac. To download the client, go to:

Copyright © 2006 NETGEAR®
