|
Applicable Version: 10.00 onwards
Overview
This article describes how you can allow an SSL VPN user access to an application hosted at the remote side of an IPSec VPN connection.
Scenario
Allow any SSL VPN user, connected to Head Office Network, access to the RDP Server hosted in the Branch Office network as shown below. The Head Office and Branch Office are connected via an IPSec VPN tunnel.
Prerequisite
The Head Office and Branch Office should be connected via an IPSec VPN connection.
Configuration
In IPSec Configuration, you can allow the SSL VPN user access to the RDP server by adding the Head Office WAN IP in the trusted Local Networks at the Head Office side and trusted Remote Networks at the Branch office side.
Head Office Configuration
To configure the Head Office Cyberoam, follow the steps given below.
Step 1: Create Bookmark for RDP Service
Go to VPN à SSL à Bookmark and click Add to add a bookmark using the following parameters.
Parameter Description
|
Parameter
|
Value
|
Description
|
|
|
RDP
|
|
|
Type
|
RDP
|
Select type of Bookmark.
Available options:
- HTTP
- HTTPS
- RDP
- Telnet
- SSH
- FTP
|
|
URL
|
172.16.16.17
|
|
Step 2: Create SSL VPN Policy
Create an SSL VPN policy to allow access to the RDP server. Go to VPN à SSL à Policy and click Add to add an SSL VPN policy using the following parameters.
Parameter Description
|
Parameter
|
Value
|
Description
|
|
Add SSL VPN Policy
|
|
Name
|
Access_RDP
|
|
|
Access Mode
|
Application Access
Mode
|
|
|
Application Access Settings
|
|
|
Accessible Resources
|
RDP
|
Select Bookmarks/Bookmarks Group that remote user can access.
|
Step 3: Create IP Host Object of Head Office WAN IP
Go to Objects à Hosts à IP Host and click Add to create an IP Host using the following parameters.
Parameter Description
|
Parameter
|
Value
|
Description
|
|
Name
|
192.168.20.182
|
Name to identify the Host.
|
|
Type
|
IP
|
Select type of Host.
Available options:
- IP
- Network
- IP Range
- IP List
|
|
IP Address
|
192.168.20.182
|
Specify the IP address of the Host.
|
Step 4: Include Host in Trusted Local Subnet in IPSec Connection
Go to VPN à IPSec à Connection and select the Head_to_Branch IPSec connection.
Add Head Office Wan IP, i.e., 192.168.20.182, in Trusted Local Subnet of the connection.
Branch Office Configuration
To configure the Branch Office Cyberoam, follow the steps given below.
Step 1: Create IP Host Object of Head Office WAN IP
Go to Objects à Hosts à IP Host and click Add to create an IP Host using the following parameters.
Parameter Description
|
Parameter
|
Value
|
Description
|
|
Name
|
192.168.20.182
|
Name to identify the Host.
|
|
Type
|
IP
|
Select type of Host.
Available options:
- IP
- Network
- IP Range
- IP List
|
|
IP Address
|
192.168.20.182
|
Specify the IP address of the Host.
|
Step 2: Include Host in Trusted Remote Subnet in IPSec Connection
Go to VPN à IPSec à Connection and select the Branch_to_Head IPSec connection.
Add Head Office Wan IP, i.e., 192.168.20.182, in Trusted Remote Subnet of the connection.
Once the above configuration is done at the Head Office and the Branch Office side, the SSL VPN user is able to access RDP server located at the Branch Office.
Document Version: 1.0 – 28/07/2012
| 
