Fig. 36.2, Internet, Example – Westermo RedFox Series User Manual

Westermo OS Management Guide
Version 4.17.0-0
[Figure: network diagram of the SSL NET-NET setup, showing Alice (SSL VPN server, alice.example.com, Central Office), Bob (SSL VPN client), Charlie (Backend Authentication Server, RADIUS), Dave, the Internet, and the Central Office and Local Office company intranets, with interfaces vlan1, vlan2 and ssl0.]
Figure 36.2: SSL NET-NET setup. One or more SSL Client Gateway(s) (Bob) can
establish an SSL tunnel to the SSL Server Gateway, and provide a NET-NET VPN
solution between the central office and branch office networks.
TCP port 443. This port is typically used for HTTPS traffic, and most firewalls will
therefore allow such traffic to pass.
Note
As of WeOS v4.17.0, if you configure your SSL server (Alice) to listen on
TCP port 443, you should either disable Alice's web server or configure her
web server to listen for HTTPS on another port.
An example where Alice listens for SSL connections on TCP port 443 is given
below.
Example
alice:/config/#> web
alice:/config/web/#> ssl-port 8443
alice:/config/web/#> end
alice:/config/#> tunnel
alice:/config/tunnel/#> ssl 0
alice:/config/tunnel/ssl-0/#> protocol tcp
alice:/config/tunnel/ssl-0/#> port 443
alice:/config/tunnel/ssl-0/#> leave
alice:/#>
© 2015 Westermo Teleindustri AB