ZyXEL Communications 3.1 User's Manual

 Chapter 18 SSL VPN
ZyWALL (ZLD) CLI Reference Guide
18.2.2  Setting an SSL VPN Rule Tutorial
Here is an example SSL VPN configuration. The SSL VPN rule defines:
• Only users using the “tester” account can use the SSL VPN.
• The ZyWALL will assign an IP address from 192.168.100.1 to 192.168.100.10 (defined in object “IP-POOL”) to the computers which match the rule’s criteria.
• The ZyWALL will assign two DNS server settings (172.16.1.1 and 172.16.1.2 defined in objects DNS1 and DNS2) to the computers which match the rule’s criteria.
• The SSL VPN users are allowed to access the ZyWALL’s local network, 172.16.10.0/24 (defined in object “Network1”).
• Users have to access the SSL VPN using a computer that complies with all the following criteria (defined in object “EPS-1”):
  • Windows XP is installed.
  • TrendMicro PC-Cillin Internet Security 2007 is installed and activated.

Table 78   SSL VPN Commands

COMMAND
    DESCRIPTION

[no] eps periodical-check <1..1440>
    Sets the number of minutes to have the ZyWALL repeat the endpoint security check at a regular interval. The no command disables this setting.

[no] network-extension {activate | ip-pool address_object | 1st-dns {address_object | ip } | 2nd-dns {address_object | ip } | 1st-wins {address_object | ip } | 2nd-wins {address_object | ip } | network address_object}
    Use this to configure a VPN tunnel between the authenticated users and the internal network. This allows the users to access the resources on the network as if they were on the same local network.
    ip-pool: specify the name of the pool of IP addresses to assign to the user computers for the VPN connection.
    Specify the names of the DNS or WINS servers to assign to the remote users. This allows them to access devices on the local network using domain names instead of IP addresses.
    network: specify a network users can access.

[no] network-extension traffic-enforcement
    Forces all SSL VPN client traffic to be sent through the SSL VPN tunnel. The no command disables this setting.

[no] user user_name
    Specifies the user or user group that can use the SSL VPN access policy.

sslvpn policy move <1..16> to <1..16>
    Moves the specified SSL VPN access policy to the number that you specified.

sslvpn no connection username user_name
    Terminates the user’s SSL VPN connection and deletes corresponding session information from the ZyWALL.

no sslvpn policy profile_name
    Deletes the specified SSL VPN access policy.

sslvpn policy rename profile_name profile_name
    Renames the specified SSL VPN access policy.

show workspace application
    Displays the SSLVPN resources available to each user when logged into SSLVPN.

show workspace cifs
    Displays the shared folders available to each user when logged into SSLVPN.
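
An added example, not taken from the ZyXEL guide: a Python check that reads policy sub-commands written in the Table 78 syntax and compares them with the rule the tutorial in 18.2.2 describes (only “tester”, pool separate from the protected network, tunnel enforcement, periodic endpoint check). The one-command-per-line policy text, the object table, the 30-minute EPS interval and the function names are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample data built from the tutorial's values; the object table and
# the 30-minute EPS interval are assumptions, not output captured from a ZyWALL.
OBJECTS = {"IP-POOL": "192.168.100.1-192.168.100.10", "DNS1": "172.16.1.1",
           "DNS2": "172.16.1.2", "Network1": "172.16.10.0/24"}
POLICY = """user tester
network-extension activate
network-extension ip-pool IP-POOL
network-extension 1st-dns DNS1
network-extension 2nd-dns DNS2
network-extension network Network1
eps periodical-check 30"""

def parse_policy(text):
    """Collect policy sub-commands; 'no ...' lines mean a disabled setting and are skipped."""
    policy = {"users": [], "ext": {}, "eps_minutes": None}
    for line in text.splitlines():
        tok = line.split()
        if not tok or tok[0] == "no":
            continue
        if tok[0] == "user" and len(tok) == 2:
            policy["users"].append(tok[1])
        elif tok[:2] == ["eps", "periodical-check"] and len(tok) == 3:
            policy["eps_minutes"] = int(tok[2])
        elif tok[0] == "network-extension" and len(tok) >= 2:
            policy["ext"][tok[1]] = tok[2] if len(tok) > 2 else True
    return policy

def audit(text, objects, allowed_users=("tester",)):
    """Return a list of findings; an empty list means the policy matches the intended rule."""
    p, findings = parse_policy(text), []
    ext = p["ext"]
    findings += [f"unexpected user: {u}" for u in p["users"] if u not in allowed_users]
    if not p["users"]:
        findings.append("no user restriction on the policy")
    for key in ("ip-pool", "network"):  # these two take an address object only
        if key in ext and ext[key] not in objects:
            findings.append(f"{key} references unknown object {ext[key]}")
    if ext.get("ip-pool") in objects and ext.get("network") in objects:
        # Assumes the pool object is a first-last range and the network a subnet.
        first, last = (ipaddress.ip_address(a) for a in objects[ext["ip-pool"]].split("-"))
        net = ipaddress.ip_network(objects[ext["network"]])
        if first <= net.broadcast_address and last >= net.network_address:
            findings.append("ip-pool overlaps the protected network")
    if "traffic-enforcement" not in ext:
        findings.append("traffic-enforcement off: client traffic is not forced through the tunnel")
    if p["eps_minutes"] is None or not 1 <= p["eps_minutes"] <= 1440:
        findings.append("eps periodical-check not set within 1..1440 minutes")
    return findings
```

Run against the tutorial's values as written, `audit(POLICY, OBJECTS)` reports only the traffic-enforcement finding, since the tutorial rule does not mention that setting.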