How to Deploy SSL VPN with Apple Mac OS X 10.10 Operating System

Zyxel_Charlie, Zyxel Employee
edited June 2022 in VPN
SCENARIO DESCRIPTION:

This example shows how to use the ZyWALL/USG SSL VPN client software on the Apple Mac OS X 10.10 Yosemite operating system for secure connections to the network behind the ZyWALL/USG. When the VPN tunnel is configured, users can securely access the network from a Mac OS X 10.10 Yosemite computer.
ZyWALL/USG SSL VPN with Apple MAC OS X 10.10 Yosemite

Note:
All network IP addresses and subnet masks in this article are examples. Please replace them with your actual network IP addresses and subnet masks. This example was tested using USG110 (Firmware Version: ZLD 4.13) and Apple Mac (Version: OS X 10.10 Yosemite).

 

SETUP/STEP BY STEP PROCEDURE:
Step 1: Set Up the SSL VPN Tunnel on the ZyWALL/USG 

1     In the ZyWALL/USG, go to CONFIGURATION > VPN > SSL VPN > Access Privilege to add an Access Policy. Configure a Name for you to identify the SSL VPN configuration.

CONFIGURATION > VPN > SSL VPN > Access Privilege > Access Policy > Configuration


2     Go to Create new Object > User to add User Name (SSL_VPN_1_Users in this example) and Password (4-24 characters, zyx168 in this example), click OK.

CONFIGURATION > VPN > SSL VPN > Access Privilege > Access Policy > Create new Object > User


3     Go to Create new Object > Application to add servers you allow SSL_VPN_1_Users to access, click OK.

CONFIGURATION > VPN > SSL VPN > Access Privilege > Access Policy > Create new Object > Application


4     Go to Create new Object > Address to add the IP address pool for SSL_VPN_1_Users.

CONFIGURATION > VPN > SSL VPN > Access Privilege > Access Policy > Create new Object > Address


5     Then, move the just created address object to Selected User/Group Objects. Similarly, in SSL Application List (Optional), move the servers you want available to SSL users to Selected Application Objects.

CONFIGURATION > VPN > SSL VPN > Access Privilege > Access Policy > User/Group & SSL Application


6     Scroll down to Network Extension (Optional) to select Enable Network Extension to allow SSL VPN users to access the resources behind the ZyWALL/USG local network.

Select network(s) name in the Selectable Address Objects list and click the right arrow button to add to the Selected Address Objects list. You can select more than one network.

CONFIGURATION > VPN > SSL VPN > Access Privilege > Access Policy > Network Extension (Optional)


Step 2: Set Up the SSL VPN Tunnel on the Apple MAC OS X 10.10 Operating System

1     Download SSL VPN Client software: ZyWALL SecuExtender for MAC from the ZyXEL Global Website and double-click on the downloaded file to install it.



2     Go to ZyWALL SecuExtender > Preferences, click the "+" button at the bottom left to add a new SSL VPN connection.


3     Configure the Connection Name for you to identify the SSL VPN configuration. Then, set the Remote Server Address to be the WAN IP of ZyWALL/USG (172.16.1.33 in this example). Click Save.


4     Here are two methods to initiate SSL VPN connections:

a.  From ZyWALL SecuExtender
b.  From a Web Browser

a. From ZyWALL SecuExtender

Go to ZyWALL SecuExtender > Connect > SSL_VPN, to display the username and password dialog box. Set Username and Password to be the same as your ZyWALL/USG SSL VPN Selected User/Group name and password (SSL_VPN_1_Users/zyx168 in this example).


b.  From a Web Browser

Type the ZyWALL/USG’s WAN IP into the browser to display the login screen. Enter the same User Name and Password as your ZyWALL/USG SSL VPN Selected User/Group name and password (SSL_VPN_1_Users/zyx168 in this example). Click SSL VPN.

VERIFICATION:

Test the SSL VPN Tunnel

 

1     Go to ZyWALL/USG MONITOR > VPN Monitor > SSL and verify the tunnel Login Address, Connected Time and the Inbound(Bytes)/Outbound(Bytes) traffic.

MONITOR > VPN Monitor > SSL > SSL_VPN_1_Users


2     Go to ZyWALL SecuExtender > Details and check Traffic Graph, Network Traffic Statics and Log Details.

ZyWALL SecuExtender > Details > Traffic Graph


ZyWALL SecuExtender > Details > Network Traffic Statics


ZyWALL SecuExtender > Details > Log Details


What Can Go Wrong?

 

1     If you see a [notice] or [alert] log message such as the one below, please check the ZyWALL/USG SSL Selected User/Group Objects settings. Mac OS X 10.10 Yosemite users must use the same Username and Password as configured in the ZyWALL/USG to establish the SSL VPN tunnel.


2     If you uploaded a logo to show in the SSL VPN user screens but it does not display properly, check that the logo graphic is in GIF, JPG, or PNG format. The graphic should use a resolution of 103 x 29 pixels to avoid distortion when displayed. The ZyWALL/USG automatically resizes a graphic of a different resolution to 103 x 29 pixels. The file size must be 100 kilobytes or less. Transparent background is recommended.

 

3     If users can log into the SSL VPN but cannot see some of the resource links, check the SSL application object’s configuration.

 

4     If the ZyWALL/USG redirects the user to the user aware screen, check whether the user account is included in an SSL VPN access policy or not.

 

5     Changing the HTTP/HTTPS configuration disconnects SSL VPN network extension sessions. Users need to re-connect if this happens.