This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

multiple SSL-VPN profiles

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

multiple SSL-VPN profiles

lauro7
L0 Member

‎02-28-2011 07:13 AM

I have to manage some different SSL-VPN profiles. I would offer to remote user the possibility to choose a VPN profile and then access the enterprise network with different policies. Is it possible ? How can I distinguish between one profile from another ? I suppose I need some IP public addresses to create different SSL portal with different IP, otherwise is it possible distinguish by means of Authentication profiles ?

Thanks.

0 Likes Likes
2 REPLIES 2

spolo
L4 Transporter

‎02-28-2011 09:23 AM

When you create an SSL VPN profile, you have to choose which tunnel interface it's on.  So maybe one way to distinguish different profiles is by creating security policy around which tunnel interface the user is on, or assigning different zones to those various tunnel interfaces and creating your security policy around those zones.  Then you can monitor and run reports based on zones.

You are correct, in order to have different profiles, you'll have to create different SSL VPN portals.  This will require different interfaces, and you're right, different public IP addresses for the users to point to.  In order to make it easier on your users, and if you have the ability to do so, you might consider hosting a redirect page somewhere, where you'd post a page that gives them descriptions and links to the portals you've created.  You could even leverage the custom SSL VPN portal page directly on the device if that would work for your application!

Hope this makes sense!

skrall
L4 Transporter

‎02-28-2011 10:51 AM

You will need 1 IP address for each SSL VPN portal you plan to create. Each portal will assign a different IP address space for users. You can even associate a different zone  with each portal. Each profile can then choose between LocalDB , RADIUS or LDAP for Authentication.  You can not allow HTTPS management of the device on the same IP address as an SSL VPN portal.

Steve Krall

0 Likes Likes
  • 3122 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks