2.2 Injecting the SSL VPN Header

The example in this section explains how to accelerate an SSL VPN server in a path-based multi-homing configuration.

Before you begin, make sure you have already created a proxy service and an authentication procedure. For more information on creating a proxy service and authentication procedure, see Section 1.4.1, Configuring a Reverse Proxy.

  1. In the Administration Console, click Access Manager > Access Gateways > Edit > [Name of Reverse Proxy].

  2. In the Proxy Service List section, click New.

  3. Fill in the following fields.

    Proxy Service Name: Specify a name for the proxy service.

    Multi-Homing Type: Specify the method for finding a second resource on the reverse proxy. For this example configuration, Path-Based has been selected.

    Published DNS Name: This field is populated by default with the published DNS name.

    Path: Specify the path to the SSL VPN resource. This must be /sslvpn/

    Web Server IP Address: Specify the IP address of the SSL VPN server.

    Host Header: Select which hostname is forwarded to the Web server in the host header. If your SSL VPN server has a DNS name, select Web Server Host Name.

    Web Server Host Name: Specify the DNS name of the SSL VPN server.

  4. Click OK.

  5. To configure the default Identity Injection policy and protected resources, click the newly added proxy service.

  6. In the Path List section, make sure the Path is /sslvpn.

  7. In the Path List section, select the /sslvpn check box, then click Enable SSL VPN. The Enable SSL VPN pop-up is displayed.

  8. Fill in the following fields:

    • Policy Container: Leave the default value unchanged.

    • Policy: Select Create SSL VPN Default Policy from the drop-down list. A policy pop-up appears. Click Apply Changes in the pop-up, then click Close.

      The default SSL VPN policy injects both the username and password in the authentication header. If you do not want the password to be pushed to the authentication header, configure a policy with a username and a string constant. For more information on configuring policies, see Creating Identity Injection Policies in the Novell Access Manager 3.0 SP4 Administration Guide.

      You can also configure the SSL VPN policy to inject the client IP address, so that the IP address can then be included in log entries. For more information, see Configuring the Default Identity Injection Policy in the Novell Access Manager 3.0 SP4 Administration Guide.

    • Name: Select Create SSL VPN Default Protected Resource from the drop-down list.

  9. Click OK to close the Enable SSL VPN pop-up.

  10. Click the Web Servers tab.

  11. Specify 8080 in the Connect Port field, then click OK.

  12. In the Proxy Service List section, click the name of the parent proxy service of the newly created SSL VPN proxy service. This host does not have a multi-homing value.

  13. Select the Protected Resources tab.

  14. Select SSLVPN_Default from the Protected Resources List.

  15. Select an authentication contract from the Contract drop-down list. Make sure you select Name/Password - Form as the authentication contract.

  16. In the URL Path List section, ensure that the URL is /sslvpn/*.

    IMPORTANT: Make sure that you configure the URL as given above. Any variation leads to the failure of the SSL VPN service.

  17. Click Configuration Panel, then click OK.

  18. On the Configuration page, click OK.

  19. On the Access Gateways page, click Update.

  20. To update the Identity Server, click Identity Servers > Update.

  21. Click Close.
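
The policy choice in Step 8 determines what the SSL VPN server receives in the authentication header. The following Python code is an added example, not part of the Novell documentation: it audits a header line captured on the SSL VPN server and reports whether the user's password or a string constant was injected. It assumes the authentication header is an HTTP Basic Authorization header; the function names, sample credentials and the constant sslvpn-const are constructed for illustration.

```python
import base64
import binascii

# Constructed sample header lines as the back end would see them.
# The usernames, password and constant are made up for this example.
SAMPLE_DEFAULT = "Authorization: Basic " + base64.b64encode(b"jsmith:S3cret!pw").decode()
SAMPLE_CONSTANT = "Authorization: Basic " + base64.b64encode(b"jsmith:sslvpn-const").decode()


def parse_injected_header(line):
    """Return (username, secret) from a Basic Authorization header line, else None."""
    name, _, value = line.partition(":")
    if name.strip().lower() != "authorization":
        return None
    scheme, _, token = value.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        # Basic credentials are only base64-encoded, so anyone who can read
        # the header on the back end recovers them in clear text.
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, secret = decoded.partition(":")  # password may itself contain ':'
    return (user, secret) if sep else None


def audit_injection(line, expected_constant):
    """Classify what the Identity Injection policy pushed to the back end."""
    parsed = parse_injected_header(line)
    if parsed is None:
        return "no-credentials"
    _, secret = parsed
    # Anything other than the agreed constant is treated as a real password.
    return "username+constant" if secret == expected_constant else "password-exposed"


if __name__ == "__main__":
    for sample in (SAMPLE_DEFAULT, SAMPLE_CONSTANT, "Host: vpn.example.test"):
        print(audit_injection(sample, "sslvpn-const"))
```
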