
Remote Access

Secure and Carefree

SSL VPN User Guide

(Applicable only to users who use the Windows operating system)

Remote Access Process

1. Obtain the login information from the administrator.

Login address:

User name/Password:

Soft certificate:

USB key:

The administrator should provide the address for remote login as well as the user name/password, soft certificate, or USBKey based on the login mode. Please keep them safe.

2. Select the desired content for access.

Read this document based on the content you want to access. Different contents correspond to different access modes. You can use your browser to access some contents and install independent client software to access other contents. In addition, the terminal, operating system, and browser used for access vary according to access contents.

If you want to access | Please use | If you want to use | Please read
Access intranet web resources. | Web proxy | Browser | 2->3->4
View intranet files. | File sharing | Browser | 2->3->5->6
Access intranet TCP applications, such as Telnet, FTP, and Outlook applications. | Port forwarding | Client software for TCP applications | 2->3->7
Use PC to access all intranet IP services. | SSL network extension | Network extension client or IE that has the ActiveX control installed | 2->3->8->9->10

Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

List of FAQs

Q: What are the differences between user name/password-based, soft certificate-based, and USBKey-based login?

A: During user name/password-based login, you only need to enter the correct user name and password on the login page.

During soft certificate- or USBKey-based login, a certificate needs to be sent to the gateway to complete identity authentication. A software certificate is a type of certificate in the format of an electronic document. It can be used only after being installed on a device. A certificate is stored in the USBKey. After the USBKey is inserted in a device, the gateway can call the certificate in the USBKey during login.

During soft certificate- or USBKey-based login, you may be required to enter a correct password besides providing a certificate. Whether a password is required depends on the gateway configuration.

P1

First Login

Using a browser to log in to the gateway

Enter the gateway address in the address box of the browser.

(Optional) install the ActiveX control. (This step is required only when the IE is used for login.)

You need to perform the following operations based on the authentication mode used by the gateway:

A. Enter the user name, password, and verification code.

B. Enter the password and verification code, and select a certificate.

C. Enter the verification code and select a certificate.

Submit a terminal ID. After submitting the terminal ID, contact the administrator for approval.

List of FAQs

Q: Which types of browsers are recommended to log in to the gateway?
A: IE is recommended. If a non-IE browser is used for login, only some functions are available.

Q: What do I do when the web browser displays a message on the security certificate error of the website or an untrusted connection during the access to the gateway?
A: Ignore the message and continue to establish the connection with the gateway.

Q: How can I clear the alarm on the security certificate error or untrusted connection?
A: The login page provides a button for you to download a CA certificate. Download a required CA certificate and install it.

Q: Why are operation items for filling in a verification code and submitting a terminal ID absent during the login?
A: These operation items are available only after related functions are configured on the gateway.

Q: What do I do if the verification code is unclear?
A: Click the verification code image to refresh the verification code.
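
One way to check the CA certificate downloaded from the login page before installing it, as an added example that is not part of the original guide. The file name and the expected fingerprint are placeholders; the example assumes the administrator has given you the fingerprint through a separate channel and that `Import-Certificate` is available (Windows 8 / Windows Server 2012 or later).

```powershell
# Added example, not from the guide. Both values below are placeholders.
$CertPath = Join-Path $env:USERPROFILE 'Downloads\gateway-ca.cer'  # hypothetical file name
$Expected = '<FINGERPRINT-FROM-ADMINISTRATOR>'                     # SHA-1 or SHA-256, received out of band

function Get-NormalizedHex([string]$Value) {
    # Drop spaces, colons, hyphens and invisible characters that copy and paste adds.
    ($Value -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
}

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $CertPath

# SHA-1 is the Windows "Thumbprint"; SHA-256 is computed over the DER encoding.
$sha256 = [System.Security.Cryptography.SHA256]::Create()
$fp256  = Get-NormalizedHex ([System.BitConverter]::ToString($sha256.ComputeHash($cert.RawData)))
$fp1    = Get-NormalizedHex $cert.Thumbprint

# Pick the comparison by the length of the value the administrator supplied.
$want = Get-NormalizedHex $Expected
$fingerprintOk = switch ($want.Length) {
    40      { $want -eq $fp1 }
    64      { $want -eq $fp256 }
    default { $false }
}

# A certificate placed in a root store should be a CA certificate and currently valid.
$bc = $cert.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
}
$isCa       = [bool]($bc -and $bc.CertificateAuthority)
$now        = Get-Date
$inValidity = ($now -ge $cert.NotBefore) -and ($now -le $cert.NotAfter)

"Subject    : $($cert.Subject)"
"Issuer     : $($cert.Issuer)"
"Valid      : $($cert.NotBefore) to $($cert.NotAfter)"
"SHA-1      : $fp1"
"SHA-256    : $fp256"
"Match / CA / in validity : $fingerprintOk / $isCa / $inValidity"

if ($fingerprintOk -and $isCa -and $inValidity) {
    # Current-user root store only; Windows shows its own confirmation dialog.
    Import-Certificate -FilePath $CertPath -CertStoreLocation Cert:\CurrentUser\Root
} else {
    Write-Warning 'Certificate not installed: fingerprint, CA flag or validity check failed.'
}
```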

[Figure: login pages A, B, and C, with two callouts reading "Click here to select a certificate."]
P2

Operation GUI

Overview

Operation buttons

Home: You can click it to return to the home page when you are on other operation UIs.

Options: You can click it to access the page for modifying your password, downloading the network extension client, or submitting the terminal ID.

Help: You can click it to download the Help document.

Logout: You can click it for logout.

Web Link URL: You can set it and click Go to access the accessible intranet web resources that are not listed in the web proxy resource list.

Service area: may include the web proxy, file sharing, port forwarding, and network extension services. The available services depend on the gateway configuration.

List of FAQs

Q: After login, the page on the right side is not displayed, but the Portal page is displayed. What is the cause?
A: The Portal page push function is configured on the gateway. You can click links on the Portal page to access desired intranet resources.

Q: Why is port forwarding enabled after login?
A: The function of automatically enabling port forwarding is enabled on the gateway.

P3

Web Proxy: Using a Browser to Access Intranet Web Resources

Accessing intranet web resources

Log in to the gateway through a browser and click web resource links on the web proxy to access an intranet web server.

List of FAQs

Q: Why cannot web proxy resources be accessed after some software (such as ISA client) is enabled?
A: The software can change proxy settings of the browser. Disable the software, log out of the gateway, and log in to the gateway again for access attempts.

Q: Why cannot the web resource page be fully displayed?
A: The page may include multiple links that are configured as web proxy resources on the gateway.

Q: Why are some web proxy resources shown in the figure unavailable?
A: The web proxy resources are available only after the ActiveX control is installed. In addition, non-IE browsers do not support the control.

List of supported browsers

IE | Firefox | Chrome | Opera
6 to 11 | 4.0 to 30.0 | 10 to 20 | 9.0 to 12.0

P4

File Sharing: Using a Browser to Access Intranet Files

Accessing file sharing resources

Log in to the gateway through a browser and click a folder name under File Sharing.

Enter the correct user name and password to log in to the file server.

List of FAQs

Q: Are the user name and password for accessing the file sharing service the same as those for logging in to the virtual gateway?
A: They may be different. The user name and password for accessing the file sharing service are those for logging in to the file server and depend on the file server configuration.

Q: Why can the content of a folder be viewed after I click the folder name without entering the user name and password?
A: A correct user name and password are required only when the service type of a file sharing resource is SMB. If the service type of a file sharing resource is NFS, no user name or password is required.

Q: What do I do if the message "Access failed. There is a server error, please contact the administrator." is displayed during the access to file resources?
A: First, check whether the entered user name and password are correct. If yes, ask the network administrator whether the file resource is shared and whether you have the permission on the file resource.

List of supported browsers

IE | Firefox | Chrome | Opera
6 to 11 | 4.0 to 30.0 | 10 to 20 | 9.0 to 12.0

P5

File Sharing: Using a Browser to Access Intranet Files

Monitoring file resources

After logging in to the file server, you can perform the following operations on files:

Download files: Click the desired file name for download, or right-click the file name and choose Save Target As from the shortcut menu.

Rename files (file folders): Select a file (file folder) and click Rename. Enter a new name and click Rename.

Upload files: Click Upload, click Browse, select the file to be uploaded, and click Start uploading.

Create a directory: Click NewFolder, enter a new directory name, and click Create folder.

Delete files (file folders): Select a file (file folder) and click Delete.

Set the number of items that can be displayed on each page: Set the number of items for each page to 5/10/20/30 in the drop-down list.

List of FAQs

Q: What do I do if the message "Delete failed. There is a nonempty directory" is displayed during the attempt to delete a folder?
A: The message indicates that other files exist in the folder. To delete the folder, open the folder and delete all files in the folder.

Q: How can I return to the upper directory after accessing a folder?
A: Click

Q: Why is the message "Rename file failed. You may not have the correct permissions" displayed when I delete, rename, upload, and create a directory for a file?
A: You have only the read permission on the file, but not the operation permission. Contact the administrator of the file server to obtain the required permission.

P6

Port Forwarding: Accessing Intranet Applications

Enabling port forwarding

Access the gateway through a browser and enable port forwarding. If the administrator enables automatic client startup on the secure access gateway, port forwarding will be automatically enabled when users access the client page.

Supported mainstream applications and protocols

IBM Notes
MS remote desktop
Telnet, SSH, FTP, and HTTP

Supported operating systems and browsers

Windows 2000 Professional SP3 or higher
Windows XP SP1 or higher
Windows Server 2000 SP3 or higher
Windows Server 2003
Windows Vista 32/64-bit
Windows 7 32/64-bit
Windows 8 32/64-bit
Windows Server 2008 32/64-bit

6 to 11 32/64-bit

Accessing intranet applications

You cannot directly click resources in the resource list on the gateway UI for access. Instead, you need to use suitable clients for access. For example, port forwarding provides Windows remote desktop. After port forwarding is enabled, the built-in Windows remote desktop of the Windows operating system can be used to log in to an intranet PC.

P7

SSL Network Extension: Using a PC to Access an Intranet

Using a browser to enable network extension

Access the gateway through a browser and enable network extension.

Supported operating systems

6 to 11 32/64-bit

32-bit | 64-bit
Windows 2000 Professional SP3 or higher | Windows 2000 Professional SP3 or higher
Windows XP SP1 or higher | Windows XP SP1 or higher
Windows Server 2000 SP3 or higher | Windows Server 2000 SP3 or higher
Windows Server 2003 | Windows Server 2003
Windows Vista | Windows Vista
Windows 7 | Windows 7
Windows 8 | Windows 8
Windows Server 2008 | Windows Server 2008

Status after network extension is enabled properly

A. The message "Starting network extension service succeeded" is displayed on the operation GUI.

B. Move the mouse to the icon of the network extension client in the lower right corner of the desktop and check the virtual IP address assigned by the gateway to the device and information on the DNS server and sent & received packets.

P8

SSL Network Extension: Using a PC to Access an Intranet

Using a network extension client to enable network extension

Downloading and installing the network extension client

Use a browser to log in to the gateway. Click Options.

Click Download network extension client.

Install the independent client.

You can access the network only after logging out of the gateway that you have logged in to through a browser.

Use the network extension client to log in to the gateway.

Supported operating systems

Windows 2000 Professional SP3 or higher
Windows XP SP1 or higher
Windows Server 2000 SP3 or higher
Windows Server 2003
Windows Vista 32/64-bit
Windows 7 32/64-bit
Windows 8 32/64-bit
Windows Server 2008 32/64-bit

Using the network extension client for login

Enter the gateway address in the URL. The user name and password are optional. If the gateway uses certificate authentication, only the password is required or neither the user name nor password is required. Determine whether a user name and password are required based on the login information obtained from the administrator.

(Optional) When the certificate-based login mode is used, select a correct certificate in the dialog box (as shown in figure 2) that is displayed after you click Login.

(Optional) When multiple virtual gateways are accessible, click IP OPTION. Right-click the blank part to add multiple gateways. Select Auto Best Link Selected in figure 1. Then the client software will automatically access the gateway with the minimum delay.

(Optional) Click Option to configure the proxy server, tunnel mode, automatic startup, and automatic login.

P9

SSL Network Extension: Using a PC to Access an Intranet

List of FAQs

Q: Why does the system display the message "Establishing proxy settings failed!" and the automatic reconnection dialog box when the network extension client is used to enable network extension?
A: Cause 1: The attempt to establish an SSL connection between network extension system service program NemService and the virtual gateway/proxy server is blocked by the firewall software installed on the user's PC.
Solution: Modify the firewall software configuration on the PC. To be specific, add %appdata%\svnclient\NemService.exe to the list of software whose connection to the network is allowed by the firewall software.
Cause 2: When the message is displayed, prompting the user to click Permit or Forbidden for connecting the network extension system service program NemService to the network, the user does not click Permit in the specified time period or clicks Forbidden.
Solution: When the message is displayed, prompting the user to click Permit or Forbidden for connecting the network extension system service program NemService to the network, click Permit in the specified time period.

Q: What do I do if network extension cannot be enabled through a browser and the page of enabling network extension persists?
A: The address pool on the gateway has no available address, or addresses in the address pool conflict with other IP addresses of the gateway. Contact the gateway administrator for processing.

Q: When I use the network extension client to enable network extension, what do I do if the system displays an error IP address?
A: The address pool on the gateway has no available address, or addresses in the address pool conflict with other IP addresses of the gateway. Contact the gateway administrator for processing.

Q: When I use the network extension client to enable network extension, what do I do if the message "Connecting to the VPN gateway failed!" is displayed?
A: Cause 1: The proxy server setting on the network extension client is incorrect.
Solution: Open the network extension client. Click Option. In Proxy Setting, check the proxy server setting. Ensure that the proxy server setting is the same as that in the actual networking.
Cause 2: The virtual gateway/proxy server is unreachable from the PC.
Solution: Ping the gateway address from the PC. If the ping fails, contact the network administrator for processing.

Q: Why cannot network extension be enabled when I use the network extension client and set the tunnel mode to Fast transfer mode?
A: A firewall device may exist between the PC and gateway, and UDP port 443 is disabled. Change the tunnel mode to Reliable transfer mode.

Q: Are a user name and password required when the network extension client is used to enable network extension?
A: Not necessarily. When the gateway uses user name/password authentication, a user name and password are required. When the gateway uses certificate authentication, only the password is required, or neither a user name nor a password is required.
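
The client-side checks behind the "Establishing proxy settings failed!" and "Connecting to the VPN gateway failed!" answers above, collected into one script as an added example that is not part of the original guide. The gateway name `vpn.example.com`, TCP port 443 and the `Test-TcpPort` helper are assumptions; the firewall cmdlets cover only the built-in Windows Firewall and need Windows 8 / Windows Server 2012 or later.

```powershell
# Added example, not from the guide. Run in Windows PowerShell on the client PC.
$Gateway = 'vpn.example.com'   # placeholder: the login address from your administrator
$Port    = 443                 # assumption: the gateway listens on the default HTTPS port
$NemPath = Join-Path $env:APPDATA 'svnclient\NemService.exe'   # path named in the FAQ

function Test-TcpPort([string]$HostName, [int]$PortNumber, [int]$TimeoutMs = 3000) {
    # TCP connect with a timeout; returns $true only if the handshake completes.
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($HostName, $PortNumber, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($pending)
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

# "Establishing proxy settings failed!": is NemService.exe installed, and does an
# enabled Windows Firewall rule block it? (Third-party firewalls are not covered.)
$nemPresent = Test-Path -LiteralPath $NemPath
$filters    = @(Get-NetFirewallApplicationFilter -Program '*NemService.exe' -ErrorAction SilentlyContinue)
$blockRules = @()
if ($filters.Count -gt 0) {
    $blockRules = @($filters | Get-NetFirewallRule |
        Where-Object { $_.Enabled -eq 'True' -and $_.Action -eq 'Block' })
}

# "Connecting to the VPN gateway failed!": reachability and the proxy in effect.
$pingOk   = Test-Connection -ComputerName $Gateway -Count 2 -Quiet
$tcpOk    = Test-TcpPort -HostName $Gateway -PortNumber $Port
$proxyUri = [System.Net.WebRequest]::GetSystemWebProxy().GetProxy([uri]"https://$Gateway")
$viaProxy = $proxyUri.Host -ne $Gateway   # GetProxy returns the target itself when no proxy applies

[pscustomobject]@{
    NemServicePresent  = $nemPresent
    FirewallBlockRules = ($blockRules | ForEach-Object { $_.DisplayName }) -join '; '
    PingGateway        = $pingOk
    TcpReachable       = $tcpOk
    SystemProxy        = if ($viaProxy) { $proxyUri.Authority } else { 'none (direct)' }
} | Format-List

if (-not $nemPresent)          { Write-Warning "NemService.exe not found at $NemPath" }
if ($blockRules.Count -gt 0)   { Write-Warning 'A Windows Firewall rule blocks NemService.exe (Cause 1).' }
if (-not $pingOk -and -not $tcpOk) { Write-Warning 'Gateway unreachable; contact the network administrator.' }
# Fast transfer mode needs UDP 443, which cannot be confirmed from the client alone.
# If TCP works but Fast transfer mode fails, use Reliable transfer mode as the FAQ says.
```

Compare the `SystemProxy` value with the entry under Option > Proxy Setting in the client; a ping failure with `TcpReachable` true usually means only ICMP is filtered on the path.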

P10