Novell Access Manager 3.1 SP4 User guide

Brand: Novell

Model: Access Manager 3.1 SP4

Category: VPN security equipment

Type: User guide

www.novell.com/documentation

SSL VPN User Guide

Access Manager 3.1 SP5

January 2013

Legal Notices

Novell,Inc.,makesnorepresentationsorwarrantieswithrespecttothecontentsoruseofthisdocumentation,andspecifically

disclaimsanyexpressorimpliedwarrantiesofmerchantabilityorfitnessforanyparticularpurpose.Further,Novell,Inc.,

reservestherighttorevisethispublicationandtomakechangestoitscontent,at

anytime,withoutobligationtonotifyany

personorentityofsuchrevisionsorchanges.

Further,Novell,Inc.,makesnorepresentationsorwarrantieswithrespecttoanysoftware,andspecificallydisclaimsany

expressorimpliedwarrantiesofmerchantabilityorfitnessforanyparticularpurpose.Further,Novell,Inc.,reservestheright

makechangestoanyandallpartsofNovellsoftware,atanytime,withoutanyobligationtonotifyanypersonorentityof

suchchanges.

AnyproductsortechnicalinformationprovidedunderthisAgreementmaybesubjecttoU.S.exportcontrolsandthetrade

lawsofothercountries.Youagreeto

complywithallexportcontrolregulationsandtoobtainanyrequiredlicensesor

classificationtoexport,re‐exportorimportdeliverables.Youagreenottoexportorre‐exporttoentitiesonthecurrentU.S.

exportexclusionlistsortoanyembargoedorterroristcountriesasspecifiedintheU.S.

exportlaws.Youagreetonotuse

deliverablesforprohibitednuclear,missile,orchemicalbiologicalweaponryenduses.SeetheNovellInternationalTrade

ServicesWebpage(http://www.novell.com/info/exports/)formoreinformationonexportingNovellsoftware.Novellassumes

noresponsibilityforyourfailuretoobtainanynecessaryexportapprovals.

Inc.Allrightsreserved.Nopartofthispublicationmaybereproduced,photocopied,storedona 

retrievalsystem,ortransmittedwithouttheexpresswrittenconsentofthepublisher.

Novell, Inc.

1800 South Novell Place

Provo, UT 84606

U.S.A.

www.novell.com

OnlineDocumentation:ToaccessthelatestonlinedocumentationforthisandotherNovellproducts,seetheNovell

DocumentationWebpage(http://www.novell.com/documentation).

Novell Trademarks

ForNovelltrademarks,seetheNovellTrademarkandServiceMarklist(http://www.novell.com/company/legal/trademarks/

tmlist.html).

Third-Party Materials

Allthird‐partytrademarksarethepropertyoftheirrespectiveowners.

Contents 3

Contents

About This Guide 5

1 Overview of SSL VPN 7

1.1 Access Modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7

1.1.1 Kiosk Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7

1.1.2 Enterprise Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8

1.2 Client Machine Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8

1.2.1 Linux Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8

1.2.2 Macintosh Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9

1.2.3 Windows Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9

2 Accessing SSL VPN in Kiosk Mode 11

2.1 Accessing the SSL VPN User Portal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11

2.2 Switching from Kiosk Mode to Enterprise Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13

3 Accessing SSL VPN in Enterprise Mode 15

3.1 Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15

3.2 Accessing SSL VPN When You Are an Admin or root User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15

3.3 Accessing SSL VPN as a Non-Admin User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17

3.4 Switching from Enterprise Mode to Kiosk Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19

3.5 Enabling the Sudo Command for Standard Users in the Mac OS . . . . . . . . . . . . . . . . . . . . . . . . . . .19

4 Accessing Published Citrix Applications through SSL VPN 21

4.1 Accessing Published Citrix Applications in Kiosk Mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

4.2 Accessing Published Citrix Applications in Enterprise Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .21

5 Using SSL VPN 23

5.1 Using the SSL VPN Home Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23

5.2 Using the Policies Page . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24

5.3 Configuring the Cleanup Options. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25

5.4 Viewing SSL VPN Logs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26

5.5 Enabling Applications for SSL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27

5.5.1 Enabling Linux Applications for SSL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27

5.5.2 Enabling Macintosh Applications for SSL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .28

5.5.3 Enabling Terminals for SSL. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .28

5.6 Logging Out of the Active SSL VPN Session. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .28

5.7 Using the Sandbox Feature . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .28

5.8 Error. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29

5.9 Connecting after the Session Timeout Period . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30

5.10 Downloading the Applet on Internet Explorer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .30

4 Novell Access Manager 3.1 SP5 SSL VPN User Guide

A Error Messages 31

B Troubleshooting SSL VPN 49

B.1 SSL VPN Fails to Load If Firefox 3.0 Is Used on Vista 64-bit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .50

B.2 Error: Failed to Fetch CIC Policy from the Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .50

B.3 Stability Issues when You Use a Firefox Browser on a Vista 64-Bit Machine . . . . . . . . . . . . . . . . . . 50

B.4 Unable to Connect to SSL VPN Because of the OpenVPN Error . . . . . . . . . . . . . . . . . . . . . . . . . . .50

B.5 The SSL VPN Applet Fails to Download on a SLED 11 64-Bit Machine . . . . . . . . . . . . . . . . . . . . . .51

B.6 Unable to Connect to SSL VPN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51

B.7 Unable to Connect to SSL VPN from the Same Internet Explorer Browser Session. . . . . . . . . . . . .52

B.8 The SSL VPN Connection Fails with an OpenVPN Connection Error . . . . . . . . . . . . . . . . . . . . . . . .52

B.9 The Browser Cache Is Not Cleared When Multiple Tabs Are Used in Vista . . . . . . . . . . . . . . . . . . .52

B.10 Failed to Connect to SSL VPN. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .52

B.11 Mozilla Firefox Browser Displays an “X” Mark . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53

B.12 Applications Are Not Enabled from the Terminal after Running the su Command . . . . . . . . . . . . . . 53

B.13 SSL VPN Session Disconnects after Approximately 10 Hours . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53

B.14 Error: Failed to Download the SSLVPN Files from Gateway . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .53

B.15 Unable to Connect After the Previous Connection Ended Abruptly. . . . . . . . . . . . . . . . . . . . . . . . . . 54

B.16 SSL VPN Client Displays the Nonsecure Items Dialog Box. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .54

B.17 Clear Cache Option Retains Some Image Files in the Temporary Internet Folder . . . . . . . . . . . . . .54

B.18 SSL VPN Fails to Retrieve Help Pages When There Is an Error. . . . . . . . . . . . . . . . . . . . . . . . . . . .55

B.19 The Browser Becomes Non-Responsive If Clear Browser Private Data Is Repeatedly Clicked . . . .55

B.20 SSL VPN Issues with the Latest Versions of JRE 1.6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .55

B.21 Unable to Access Protected HTTP Applications through a Safari Browser . . . . . . . . . . . . . . . . . . . . 55

B.22 Linux Browser Issues in Kiosk Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .55

B.23 Issues with the Intlclock Toolbar Application . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .56

B.24 Socks Client Logs Are Displayed under Service Logs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56

B.25 Connection Fails in SSL VPN If the Root User Password Is Not Set in Macintosh . . . . . . . . . . . . . . 56

B.26 SSL VPN Log In Displays Error . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56

B.27 SSL VPN Fails to Connect after SP2 Upgrade due to IP Address Assignment Error . . . . . . . . . . . . 56

B.28 Applications do not Use DNS Configured at SSL VPN Server When DNS is Manually Configured at Mac

Leopard Machine . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57

About This Guide 5

About This Guide

ThisdocumentisintendedtohelpyouunderstandandusetheSSLVPNuserportal.Itcontainsthe

followinginformation:

 Chapter 1,“OverviewofSSLVPN,”onpage 7

 Chapter 2,“AccessingSSLVPNinKioskMode,”onpage 11

 Chapter 3,“AccessingSSLVPNinEnterpriseMode,”onpage 15

 Chapter 4,“AccessingPublishedCitrixApplications

throughSSLVPN,”onpage 21

 Chapter 5,“UsingSSLVPN,”onpage 23

 Appendix B,“TroubleshootingSSLVPN,”onpage 49

 Appendix A,“ErrorMessages,”onpage 31

Audience

ThisguideisintendedforNovellAccessManagerSSLVPNendusers.

Feedback

Wewanttohearyourcommentsandsuggestionsaboutthismanualand theotherdocumentation

includedwiththisproduct.PleaseusetheUserCommentsfeatureatthebottomofeachpageofthe

onlinedocumentation,orgotowww.novell.com/documentation/feedback.htmlandenteryour

commentsthere.

Documentation Updates

ForthemostrecentversionoftheSSLVPNUserGuide,visittheNovellAccessManager

DocumentationWebsite(http://www.novell.com/documentation/novellaccessmanager31).

Additional Documentation

 NetIQAccessManager3.1SP5SSLVPNServerGuide

 NovellAccessManager3.1SP4InstallationGuide

 NovellAccessManager3.1SP5SetupGuide

 NovellAccessManager3.1SP5AdministrationConsoleGuide

 NetIQAccessManager3.1SP5IdentityServerGuide

 NetIQAccessManager3.1SP5AccessGatewayGuide

Documentation Conventions

InNovelldocumentation,agreater‐thansymbol(>)isusedtoseparateactionswithinastepand

itemsinacross‐referencepath.

6 Novell Access Manager 3.1 SP5 SSL VPN User Guide

Overview of SSL VPN 7

Overview of SSL VPN

TheNovellAccessManagerSSLVPNallowsyoutouseaWebbrowsertoaccesscorporateresources

securelyfromaremotesite.ItusesaSecureSocketLayer(SSL)withavirtualprivateconnection

(VPN).Itisaclientlesssolution,anditeliminatestheneedtoinstallorconfigureaVPN

clienton

yourdesktoporlaptop.Thisgivesyoutheflexibilitytoaccessthecorporateresourcesfromalaptop,

ahomecomputer,oraWebbrowsingkiosk.

WhenyouaccesstheSSLVPNserverthroughaWebbrowser,aJavaappletoranActiveXcontrolis

installedonyourmachine

afterthesuccessfulconnection.Thisencryptsthetrafficpassingthrough

thetunnelandsendsittotheSSLVPNserver.

ThissectiondescribesthefollowingfeaturesofSSLVPN:

 Section 1.1,“AccessModes,”onpage 7

 Section 1.2,“ClientMachineRequirements,”onpage 8

1.1 Access Modes

TheNovellSSLVPNusesbothclientlessandthin‐clientaccessmethods.Theclientlessmethodis

calledtheKioskmodeSSLVPNandthethin‐clientmethodiscalledtheEnterprisemodeSSLVPN.

 Section 1.1.1,“KioskMode,”onpage 7

 Section 1.1.2,“EnterpriseMode,”onpage 8

1.1.1 Kiosk Mode

Kioskmodeistheusualchoiceforcomputersnotcontrolledbytheorganization,suchashome

computersandcomputersinWeb‐browsingkiosks.WhenyouconnecttoSSLVPNinKioskmode,

onlyalimitedsetofapplicationsareenabledfor SSL.

ApplicationsthatwereopenedbeforetheSSLVPNconnection

wasestablishedarenotenabledfor

SSL.YoumustmanuallyenabletheapplicationsthatwereopenedbeforetheSSLVPNconnection.

Formoreinformation,seeSection 5.5,“EnablingApplicationsforSSL,”onpage 27.

YouareconnectedtoSSLVPNinKioskmodeif:

 Youdonothaveadministratorrightsor

root

privilegestotheworkstation,andyoudonot

knowthecredentialsoftheadministratoror

root

userofthemachine.

 Youhaveadministratorrightsor

root

privilegestotheworkstation,butyouarerequiredbythe

systemadministratortoconnectinKioskmodeonly.

FormoreinformationonusingtheKioskmode,seeChapter 2,“AccessingSSLVPNinKioskMode,”

onpage 11.

8 Novell Access Manager 3.1 SP5 SSL VPN User Guide

1.1.2 Enterprise Mode

TheEnterprisemodeistheusualchoiceforcomputersthatarecontrolledbytheorganization,such

asnotebooksprovidedbytheorganizationforemployees.WhenyouconnecttoSSLVPNin

Enterprisemode,allapplicationsareenabledforSSL,regardlessofwhethertheywereopenedbefore

orafterconnectingtotheSSL

VPN.Thisincludesyourdesktopapplicationsandtoolbarapplications.

YouareconnectedtoSSLVPNinEnterprisemodeif:

 Youare theadministratoror

root

userofaworkstation,ifthesystemadministratorhasnot

requiredyoutoconnectinKioskmodeonly.

 Youarenottheadministratoror

root

userofaworkstation,butyouknowthecredentialsofthe

administratoror

root

user.

 IfsomeonewithadministratoraccesshaspreinstalledtheSSLVPNthin‐clientcomponentson

yourmachine,youcanconnecttoSSLVPNinEnterprisemode.Formoreinformationon

preinstallingthethin‐clientcomponents,see“PreinstallingtheSSLVPNClientComponents”in

theNetIQAccessManager3.1SP5

SSLVPNServerGuideNetIQAccessManager3.1SP5SSLVPN

ServerGuide.

FormoreinformationonusingEnterprisemode,seeChapter 3,“AccessingSSLVPNinEnterprise

Mode,”onpage 15.

1.2 Client Machine Requirements

Thissectionexplainstheoperatingsoftwareandbrowserrequirementsfortheclientmachine,in

ordertoaccesstheSSLVPNuserportal.

 Section 1.2.1,“LinuxRequirements,”onpage 8

 Section 1.2.2,“MacintoshRequirements,”onpage 9

 Section 1.2.3,“WindowsRequirements,”onpage 9

1.2.1 Linux Requirements

WhenyouaccesstheSSLVPNuserportalintheLinuxaJavaappletisdownloadedtotheclient

machine.Thefollowingtableliststhesupportedversionsofoperating softwareandbrowsersforthe

Linuxenvironment:

Table 1-1 SupportedLinuxConfigurations

Component Requirement

Operating Systems

SUSE

Linux Enterprise Desktop (SLED) 10.0 and SLED 11 are supported for 32-

bit and 64-bit platforms.

OpenSSL 0.9.7 or higher. If your OpenSSL version is higher than 0.9.7, you must install an

OpenSSL 0.9.7 compatible library.

Shells bash

xterm

Browser Mozilla Firefox 2.x, 3.0.X and 3.x

Java and JavaScript enabled

Overview of SSL VPN 9

NOTE:IfyouareusingSLED11.064‐bitclient,makesurethatyouhavethelatestJREinstalledon

yourmachine.

1.2.2 Macintosh Requirements

WhenyouaccesstheSSLVPNuserportalintheMacintoshenvironment,aJavaappletis

downloadedtotheclientmachine.Thefollowingtableliststhesupportedversionsofoperating

softwareandbrowsersintheMacenvironment:

Table 1-2 SupportedMacintoshConfigurations

NOTE:GroupWise7.0and8.0doesnotworkwhenSSLVPNKioskmodeisrunningonMacintosh

TigerOS.

1.2.3 Windows Requirements

WhenyouaccesstheSSLVPNuserportalintheWindowsenvironment,anActiveXcontrolis

downloadedtotheclientmachine.IfyouwanttodownloadtheJavaappletonyourmachineinstead

oftheActiveXcontrol,theadministratorneedstoperformsomeserver‐sideconfigurations.Formore

information,referto

“ConfiguringSSLVPNtoDownloadtheJavaAppletonInternetExplorer”in

theNetIQAccessManager3.1SP5SSLVPNServerGuide.

ThefollowingtableliststhesupportedversionsofoperatingsoftwareandbrowsersintheWindows

environment:

Sun JRE 1.5.0_11 or higher

Component Requirement

Operating System Mac PPC 10.4 Tiger

Mac Intel 10.5 Leopard

Mac OSX 10.6 Snow Leopard

OpenSSL 0.9.7

Shell bash

Browser Mac Safari 2.0.4 Build 412 or higher

Firefox 2.x, 3.0.X or 3.5

Java and JavaScript enabled

Sun JRE 1.5.0_11 or higher

10 Novell Access Manager 3.1 SP5 SSL VPN User Guide

Table 1-3 SupportedWindowsConfigurations

Component Requirement

Operating System Windows XP SP2/SP3 - 32-bit and 64-bit

Windows Vista - 32-bit and 64-bit

Windows 7 32-bit and 64-bit

NOTE: Windows 64-bit is supported only in Enterprise Mode

Browser Internet Explorer 7.0 and 8.0

Mozilla Firefox 2.x, 3.0.x, 3.5, 3.6 x

NOTE: Do not use Windows Explorer to run SSL VPN.

Sun JRE 1.4.1 or higher

NOTE: If you are using Firefox 3.6, you must have Java SE 6 update 10 or

higher.

Accessing SSL VPN in Kiosk Mode 11

Accessing SSL VPN in Kiosk Mode

Kioskmodeistheusualchoiceforcomputersnotcontrolledbytheorganization,suchashome

computersandcomputersinWeb‐browsingkiosks.

IntheKioskmodeofSSLVPN,onlythoseapplicationsthatareopenedafterconnectingtotheSSL

VPNserverareenabledforSSL.Youmustmanuallyadd

theapplicationsthatwereopenedbefore

connectingtoSSLVPNinordertoenablethemforSSL.Formoreinformationonmanuallyadding

theapplications,seeSection 5.5,“EnablingApplicationsforSSL,”onpage 27.

ThissectionhasthefollowinginformationonaccessingSSLVPNinKioskmode:

 Section 2.1,“AccessingtheSSLVPN

UserPortal,”onpage 11

 Section 2.2,“SwitchingfromKioskModetoEnterpriseMode,”onpage 13

ForinformationonconnectingtotheSSLVPNuserportalinEnterprisemode,seeChapter 3,

“AccessingSSLVPNinEnterpriseMode,”onpage 15.

2.1 Accessing the SSL VPN User Portal

1 LogintotheSSLVPNserverbyusingthefollowingURL:

https://<dns_name>/sslvpn/login

Replace<dns_name>withtheDNSnameofyourSSLVPNserver.

2 OntheAccessManagerpage,specifytheusernameandpassword,thenclickOK.

3 ClickYes inthewarningmessagetoacceptanddownloadthesignedActiveXcontrolorJava

appletrequiredfortheSSLVPNclient.TheSSLVPNmodeselectiondialogboxisdisplayed.

12 Novell Access Manager 3.1 SP5 SSL VPN User Guide

4 Dooneofthefollowing:

 SelectKioskMode(Current)toconnecttoSSLVPNinKioskmodeforthecurrentsession.

Whenyouselectthisoption,youarepromptedtoentertheusernameandpasswordforthe

administratoruserthenexttimeyoulogin.

 ClickKioskMode(Always)toalways

connecttoSSLVPNinKioskmode.Whenyouselect

thisoption,youareconnectedtoSSLVPNinKioskmodeinthesubsequentloginswithout

beingpromptedtoselectthemode.IfyouwanttoconnecttoSSLVPNinEnterprisemode

inoneofthesubseq uent connections,you

candoso.Formoreinformation,seeSection 2.2,

“SwitchingfromKioskModetoEnterpriseMode,”onpage 13.

5 ClickOK.IfyouclickCancelyouare connectedtoSSLVPNinKioskmodeforthecurrent

session.

6 (Conditional)Ifyouareanon‐adminuserandifyouareusingInternetExplorertoconnectto

SSLVPN,clickthelinkdisplayedinoption2ofthe followingscreentoproceedwiththeSSL

VPNconnection.

Thispageisdisplayedbecauseanon‐adminuserofthemachinecannot

downloadtheActiveX

control,whichisessentialtoestablishtheSSLVPNconnection.Clickingthelinkdownloadsthe

appletonyourmachineandestablishestheconnection.

7 IftheSSLVPNconnectionissuccessful,theSSLVPNHomepageisdisplayed.Makesurethat

youkeepthebrowseropenthroughouttheSSLVPNsession,andcontinuewithStep 8.

IftheSSLVPNconnectionfails,anerrormessageisdisplayed.SkiptoStep 9.

Accessing SSL VPN in Kiosk Mode 13

8 Dooneofthefollowing,dependingonwhetheryouareaLinux,Macintosh,orWindowsuser:

 Linux:IfyouareaLinuxuser,openanewterminaltolaunchapplications thatneedtobe

enabledforSSL.Formoreinformation,seeSection 5.5.1,“EnablingLinuxApplicationsfor

SSL,”onpage 27.

 Macintosh:

IfyouareaMacintoshuser,openanewterminaltolaunchapplications that

needtobeenabledforSSL.Formoreinformation,seeSection 5.5.2,“EnablingMacintosh

ApplicationsforSSL,”onpage 28.

 Windows:IfyouareaWindowsuser,openapplicationsthatyouwanttoaccessfromyour

protectednetwork.

9 IftheSSLVPNconnectionfails,clickLogout toclosethesessionandretry.Formoreinformation

ontheseerrormessages,seeAppendix A,“ErrorMessages,”onpage 31

2.2 Switching from Kiosk Mode to Enterprise Mode

IfyouselectedKioskMode(Always)whenyoufirstconnectedtoSSLVPN,youareconnectedtoSSL

VPNinKioskmodeinsubsequentconnections.However,youcanswitchtoEnterprisemodeafter

youconnect.

1 ConnectinKioskmode.

2 ClickExittologoutofthecurrentsession.

3 SelecttheEnableEnterprisemodecheckboxintheExitSSLVPNpage.

4 LoginagaininEnterprisemode.

FormoreinformationonconnectingtoSSLVPNinEnterprisemode,seeChapter 3,“Accessing

SSLVPNinEnterpriseMode,”onpage 15.

14 Novell Access Manager 3.1 SP5 SSL VPN User Guide

Accessing SSL VPN in Enterprise Mode 15

Accessing SSL VPN in Enterprise Mode

TheEnterprisemodeistheusualchoiceforcomputersthatarecontrolledbytheorganization,such

asnotebooksprovidedbytheorganizationforemployees.

WhenyouaccesstheSSLVPNuserportalinEnterprisemode,allapp licationsareenabledforSSL,

whethertheywereopenedbeforeoraftertheSSLVPN

connectionwasmade.

Thissectioncontainsthefollowinginformation onusingtheSSLVPNuserportalinEnterprise

mode:

 Section 3.1,“Prerequisites,”onpage 15

 Section 3.2,“AccessingSSLVPNWhenYouAreanAdminorrootUser,”onpage 15

 Section 3.3,“AccessingSSLVPNasaNon‐AdminUser,”onpage 17

 Section 3.4,“Switchingfrom

EnterpriseModetoKioskMode,”onpage 19

 Section 3.5,“EnablingtheSudoCommandforStandardUsersintheMacOS,”onpage 19

ForinformationonconnectingtotheSSLVPNuserportalinKioskmode,seeChapter 2,“Accessing

SSLVPNinKioskMode,”onpage 11.

3.1 Prerequisites

ToconnecttoSSLVPNinEnterprisemode:

 YoushouldbeanadminuserintheWindowsenvironmentor

root

userintheLinuxor

Macintoshenvironment,orauserwiththeadministrativeor

root

useraccess.

 Ifyouareanon‐adminoranon‐

root

useranddonothaveadminor

root

useraccess,youmust

pre‐installtheclientcomponents.Formoreinformationonpre‐installingtheclientcomponents,

see“PreinstallingtheSSLVPNClientComponents”intheNetIQAccessManager3.1SP5SSL

VPNServerGuide.

 Youmust havetherecommendedbrowseroroperatingsoftwareinstalledinyoursystem.

For

moreinformation,seeSection 1.2,“ClientMachineRequirements,”onpage 8.

 Ifyouareastandarduser,makesurethatthesudocommandisenabled.Formoreinformation,

seeSection 3.5,“EnablingtheSudoCommandforStandardUsersintheMacOS,”onpage 19.

3.2 Accessing SSL VPN When You Are an Admin or root User

Ifyouareanadminor

root

user,theEnterprisemodeofSSLVPNisenabledbydefaultunlessthe

SSLVPNadministratorhasconfiguredyoutoconnectinKioskmodeonly.

1 LogintotheSSLVPNserverbyusingthefollowingURL:

https://<dns_name>/sslvpn/login

Replace<dns_name>withtheDNSnameofyourSSLVPNserver.

16 Novell Access Manager 3.1 SP5 SSL VPN User Guide

2 OntheAccessManagerpage,specifytheusernameandpassword,thenclickOK.

3 ClickYes inthewarningmessagetoacceptanddownloadthesignedappletcomponents

requiredforSSLVPN.

4 (Conditional)Iftheconnectionissuccessful,theSSLVPNHomepageisdisplayed,allowing

accesstoalltheresourceslistedonthePolicytab.Makesurethatyoudonotclosethisbrowser

duringtheSSLVPNsession.

IftheSSLVPNconnectionfails,anerrormessageisdisplayed.

Accessing SSL VPN in Enterprise Mode 17

5 (Conditional)Ifyouseethiserrormessage,clickLogouttologoutofthesession.Formore

informationontheseerrormessages,seeAppendix A,“ErrorMessages,”onpage 31.

3.3 Accessing SSL VPN as a Non-Admin User

Ifyouareanon‐adminoranon‐

root

user,butyouknowthecredentialsoftheadministratoror

root



user,youcanconnecttoSSLVPNinEnterprisemodeasfollows:

1 LogintotheSSLVPNserverbyusingthefollowingURL:

https://<dns_name>/sslvpn/login

Replace<dns_name>withtheDNSnameofyourSSLVPNserver.

2 OntheAccessManagerpage,specifytheusernameandpasswordoftheadministratororthe

root

userofthemachine,thenclickOK.

3 ClickYes todownl oadthesignedappletcomponentsrequiredforSSLVPN.

4 SelectEnterprisemodelogininthedialogboxpromptingyoutoselectamodeofSSLVPN.

18 Novell Access Manager 3.1 SP5 SSL VPN User Guide

5 Specifytheusernameandpasswordoftheadministratoror

root

user,thenclickOK.

Youare connectedtoSSLVPNinEnterprisemodeinsubsequentconnections.Youarenot

promptedfortheadministratoror

root

usernameandpasswordthenexttimeyoulogin.

IfyouclickOKinthedialogboxtoenableEnterprisemodeofSSLVPNandyoulaterwantto

switchtotheKioskmodeonthesamemachine,seeSection 3.4,“SwitchingfromEnterprise

ModetoKioskMode,”onpage 19

6 (Conditional)IfyouareusingtheInternetExplorerbrowserand theActiveXcontrolisnot

installed,clickthetoolbarofthefollowingscreentodownloadtheActiveXcontrol:

7 (Conditional)Iftheconnectionissuccessful,theSSLVPNHomepageisdisplayed,allowing

accesstoalltheresourceslis tedonthePolicypage.Makesurethatyoudonotclosethisbrowser

duringtheSSLVPNsession.

Accessing SSL VPN in Enterprise Mode 19

IftheSSLVPNconnectionfails,anerrormessageisdisplayed.Formoreinformationonthese

errormessages,seeAppendixA,“ErrorMessages,”onpage15

3.4 Switching from Enterprise Mode to Kiosk Mode

Ifyouareanon‐adminornon‐

root

userandyouenabledtheEnterprisemodeofSSLVPN,youare

connectedtoSSLVPNintheEnterprisemodeinsubsequentlogins.YoucanreturntoKioskmodeon

thesameworkstationduringthenextlogin.

1 ConnectinEnterprisemode.

2 ClickExittologoutofthecurrentsession.

3 SelecttheUninstallEnterprisemodecheckboxontheExitSSLVPNpage.

4 LoginagaininKioskmode.

FormoreinformationonconnectingtoSSLVPNinKioskmode,seeChapter 2,“AccessingSSL

VPNinKioskMode,”onpage 11.

3.5 Enabling the Sudo Command for Standard Users in the Mac

NovellSSLVPNusesthe

sudo

commandtogainrootprivilegesfornon‐rootusersintheMacOS.

ThiscommandisnotenabledbydefaultforstandardusersintheMacOS.

Tomanually enablethecommand:

1 Open

/etc/sudoers

2 Addthefollowinglines:

Defaults targetpw

ALL ALL=(ALL) ALL

3 Saveandclosethefile.

20 Novell Access Manager 3.1 SP5 SSL VPN User Guide

Page is loading ...

Novell Access Manager 3.1 SP4 User guide

Brand: Novell

Model: Access Manager 3.1 SP4

Category: VPN security equipment

Type: User guide

Download PDF

report

Novell Access Manager 3.1 SP4 User guide

Novell Access Manager 3.1 SP4 User guide

Related papers

Other documents