SSL-VPN Connection
The SSL-VPN connection function allows you to make secure connections to a virtual environment built on the system, and to log in to the virtual server to perform management operations.
To connect with SSL-VPN, add an SSL-VPN Connection resource to your system maintenance network.
For the procedure for building SSL-VPN connection environments, refer to Connecting to a Virtual Server OS through an SSL-VPN Connection.
Do not specify the following network addresses in the client address pool for SSL-VPN. If the following network addresses are specified, communication may not be possible.
- Network addresses that are being used
- Local network addresses that client PCs are connected to
If communication is not possible, please contact the help desk.
- Only one VPN service can be created for a single virtual router. When you establish SSL-VPN connections to multiple subnets, create a virtual router and configure the SSL-VPN function (VPN service and SSL-VPN Connection) for each separate subnet.
- Configure the gateway address for the subnets that use SSL-VPN connections. Do not delete the configured gateway address while using SSL-VPN.
- Do not configure a route that would block communication with the gateway address for the host route of the subnets that use SSL-VPN connections.
-
When a virtual server is connected to multiple subnets, including those connected to using SSL-VPN, configure the appropriate route on the virtual server.
- In the settings for the default gateway on the OS of the virtual server, configure the gateway of the appropriate subnet.
- In the route settings to the subnet configured in the client address pool for SSL-VPN, configure the host route settings so the gateway specified in the subnet of the customer's network for system maintenance is passed through.
- When creating an SSL-VPN connection, do not delete the static router setting (Nexthop: 192.168.80.4, Destination: Client address pool) automatically added to the virtual router.
- When updating the certificate for an SSL-VPN Connection resource, update the key metadata container and then create the SSL-VPN Connection resource again.