This section describes how to configure a SCVPN server.
To create a SCVPN instance, take the following steps:
Option | Description |
---|---|
Access interface | Specifies the SCVPN server interface. This interface listens for requests from SCVPN clients. The options are: |
Tunnel interface and address pool | Tunnel interface: Specifies the tunnel interface bound to the SCVPN tunnel. The tunnel interface transmits traffic to and from the SCVPN tunnel. The options are: |
Tunnel interface and address pool | Address pool: Specifies the SCVPN address pool. The options are: |

Option | Description |
---|---|
Policy | Select "The following policy rules are created by system automatically", and the policy rules in the list will be created automatically. You can also create or edit the policy rules on the Policy page (Configure > Security > Policy). For more information about policy rules, see Configuring a Policy Rule. |
Tunnel route | Specifies the routes from the SCVPN tunnel to specific network segments. SCVPN clients access the specified network segments through the routes assigned by the SCVPN server. Take the following steps: |

Option | Description |
---|---|
Security kit | SSL version: Specifies the SSL version. The system supports SSLv3 and TLSv1. Any indicates both of the versions. |
Security kit | Trust domain: Specifies the trust domain. |
Security kit | Encryption: Specifies the encryption algorithm of the SCVPN tunnel. The default value is 3DES. NULL indicates no encryption. |
Security kit | Hash: Specifies the hash algorithm of the SCVPN tunnel. The default value is SHA-1. NULL indicates no hash. |
Security kit | Compression: Specifies the compression algorithm of the SCVPN tunnel. By default, no compression is used. |
Client connection | Idle time: The length of time a client can stay online without exchanging any traffic with the server. When the idle time expires, the server disconnects the client. The value range is 15 to 120 minutes. The default value is 30. |
Client connection | Multiple login: Permits one client to sign in at more than one place simultaneously. Select the Enable check box to enable the function. Type the login time into the Login times box. The value range is 0 to 99999999. The value of 0 indicates no login time limitation. |
Advanced | Anti-Replay: The anti-replay function is used to prevent replay attacks. The default value is 32. |
Advanced | DF bit: Specifies whether to permit packet fragmentation on the device forwarding the packets. The actions include: |
Advanced | Port (UDP): Specifies the UDP port number for the SCVPN connection. |

Option | Description |
---|---|
Client configuration | Redirect URL: Redirects the client to the specified URL after successful authentication. Type the redirect URL into the box. The value range is 1 to 255 characters. HTTP (http://) and HTTPS (https://) URLs are supported. Each URL type requires a corresponding fixed format. Take the HTTP type as an example: |
Client configuration | English title: Specifies the English description for the redirect URL. The value range is 1 to 31 bytes. This title appears as a client menu item on PCs running an English-language operating system. |
Client configuration | Chinese title: Specifies the Chinese description for the redirect URL. The value range is 1 to 63 bytes. This title appears as a client menu item on PCs running a Chinese-language operating system. |
Digital Certificate authentication | Authentication: Select the Enable check box to enable the Digital Certificate authentication function. There are two options available: Username/Password + Digital Certificate and Digital Certificate only. Note: When Digital Certificate only is selected: |
Digital Certificate authentication | Download URL: When USB Key authentication is enabled, you can download the UKey driver from this URL. |
Digital Certificate authentication | To configure the trust domain and the subject & username checking function, take the following steps: |

Option | Description |
---|---|
Host Check | Creates a host check rule (binding a host check profile to the host check rule) to perform the host check function. Take the following steps: Note: You must create the host check profile before creating the host check rule here. For more information about host check profiles, see Introduction to Host Check. |
Host binding | Select the Enable host binding check box to enable the function. By default, one user can only log in on one host. You can change the login status by configuring the following options. Note: To use the host binding function, you still have to configure it on the host binding configuration page. For more information about host binding, see Introduction to Host Binding. |

Function | Description |
---|---|
Optimal Path Detection | Optimal path detection can automatically detect which ISP service is better, giving remote users a better user experience. To configure the function, take the following steps: |

To edit a SCVPN instance, take the following steps:
To view the SCVPN online users, take the following steps: