This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>
Distance Education
National Research and Education Network
Education Cloud Data Center
Campus Network
Smart Experience
Smart Decision-Making
Smart Architecture
eHospital
Regional Health
Multi-Channel HD Telemedicine Solution
Over The Top/Multi-Tenant Data Center (OTT/MTDC)
Internet Exchange Point (IXP)
Internet Access Provider (IAP)
Individual Requirements
Design & Simulation
Planning & Analytics
Digital Production
After-Sales Services
Oil & Gas IoT
Digital pipeline
HPC & Operations Management
Digital Railway
Digital Urban Rail
Smart Aviation
Retail Cloud Platform
Documentation Software Download Knowledge Base Bulletins Multimedia Portal Community Online Courses Multilingual Documents
Enterprise Network
Enterprise Data Center
Intelligent Computing
Enterprise Cloud Communications
Network Management System
Enterprise Wireless
Network Energy
By Industry
ISP
Education
Public Safety
Transportation
By Application
Enterprise Network
Buy from Huawei
If you want to get more information about your project, you can submit your information and we will contact you as soon as possible.
If your company has signed an eDeal contract with Huawei, please buy your required product/solution via the link below.
Buy from resellers
Search for a nearby reseller and get direct contact information.
Locator
Become a Partner
Resources and Support
Product
Solution
Industry
Others
Huawei Certification
Huawei Training
Huawei Authorized Learning Partner
Huawei Authorized Information and Network Academy
Customer requirements is to give SSL VPN
access their employ and other supplier. They would like to create a network
extension different for type of user:
-
Employ need to reach internal network A e B
-
Supplier need to reach internal network B
First we need to follow this
configuration example . And we need to add some other configurations to achieve
customer’s need.
First way:
1, customer need to add a
authentication policy for the network extent IP pool.
2, for the network extension, please add
network A and B in the accessible private network segment list.
3, in the security policy, please add a
policy deny the access to network A with other supplier.
Second way
1, create the group and users in the
domain.
2, create the SSL VPN with web.
3, Binding ip pool (start with 10.1.1.1)
with group1 (for employ). And binding another pool to the group for other
supplier.
<sysname> system-view
[sysname] v-gateway abc -into the ssl
vpn gateway
[sysname-abc] service
[sysname-abc-service] network-extension netpool 10.1.1.1
10.1.1.10 255.255.255.0 -create the ip pool for group1
[sysname-abc-service] quit
[sysname-abc] vpndb
[sysname-abc-vpndb] group /default/group1
-add the group to v-gateway
[sysname-abc-vpndb] group /default/group1 network-extension
netpool 10.1.1.1 -binding the ip pool with
group
[sysname-abc-vpndb]
display group -
[sysname-abc-vpndb]
display user
[sysname-abc-vpndb]
display group /default/group1 - Displays detailed information about a user group, including
whether the user group is bound to a virtual IP address segment.
4, create a security policy
deny the ip pool ( which is binding the group with supplier ) access to network
A.
Source zone: ip pool,
destination zone: network
A. Action: deny
END
Author : t00210480
Document ID: EKB1001445570
Fault Type :
Copyright © 2019 Huawei Technologies Co., Ltd. All rights reserved.