Cisco SA520-K9 Administration Guide - Page 166
Configuring the SSL VPN Client, Full Tunnel Mode, > SSL VPN Client > SSL VPN Client
UPC - 882658266744
Page 166 highlights
Configuring VPN
Configuring SSL VPN for Browser-Based Remote Access 7

Make sure that the virtual (PPP) interface address of the VPN tunnel client does not conflict with the address of any physical devices on the LAN. The IP address range for the SSL VPN virtual network adapter should be either in a different subnet from the corporate LAN or in a range that does not overlap it.

If the SSL VPN client is assigned an IP address in a different subnet than the corporate network, a client route must be added to allow access to the private LAN through the VPN tunnel. In addition, a static route on the private LAN's firewall (typically this security appliance) is needed to forward private traffic through the VPN Firewall to the remote SSL VPN client.

NOTE As in any IPsec tunnel deployment, the two networks that are joined by the tunnel must use different IP address ranges in their subnets.

The security appliance allows Full Tunnel and Split Tunnel support.

• Full Tunnel Mode: The VPN Tunnel handles all traffic that is sent from the client.

• Split Tunnel Mode: The VPN Tunnel handles only the traffic that is destined for the specified destination addresses in the configured client routes. These client routes give the SSL client access to specific private networks, thereby allowing access control over specific LAN services.

Configuring the SSL VPN Client

STEP 1 Click VPN > SSL VPN Client > SSL VPN Client.
The SSL VPN Client window opens.

STEP 2 Enter the following information:

• Enable Split Tunnel Support: Check this box to enable Split Tunnel Mode Support, or uncheck this box for Full Tunnel Mode Support. With Full Tunnel Mode, all of the traffic from the host is directed through the tunnel. By comparison, with Split Tunnel Mode, the tunnel is used only for the traffic that is specified by the client routes.

NOTE If you enable Split Tunnel Support, you also will need to configure SSL VPN Client Routes. After you complete this procedure, see Configuring Client Routes for Split Tunnel Mode, page 167.

• DNS Suffix (Optional): Enter the DNS Suffix for this client.

• Primary DNS Server (Optional): Enter the IP address of the primary DNS Server for this client.

Cisco SA500 Series Security Appliances Administration Guide 166
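A pre-deployment check for the addressing and tunnel-mode rules above, as an added example that is not part of the Cisco guide or the appliance software. The function names, the result keys and all addresses are assumptions constructed for illustration.

```python
import ipaddress

def check_pool(lan_cidr, pool_first, pool_last, lan_hosts):
    """Compare an SSL VPN client address range with the corporate LAN."""
    lan = ipaddress.ip_network(lan_cidr)
    first = ipaddress.ip_address(pool_first)
    last = ipaddress.ip_address(pool_last)
    if first > last:
        raise ValueError("pool start is above pool end")
    # Physical LAN devices whose address falls inside the client range.
    hosts = (ipaddress.ip_address(h) for h in lan_hosts)
    conflicts = sorted(h for h in hosts if first <= h <= last)
    # Collapse the range into CIDR blocks so it can be tested against the LAN.
    blocks = list(ipaddress.summarize_address_range(first, last))
    inside = all(b.subnet_of(lan) for b in blocks)
    touches = any(b.overlaps(lan) for b in blocks)
    return {
        "conflicts": [str(h) for h in conflicts],  # must be empty
        "same_subnet": inside,                     # pool sits inside the LAN subnet
        "straddles_lan": touches and not inside,   # partly in, partly out: fix the range
        # Different subnet: needs a client route to the LAN and a static
        # route on the LAN firewall back to the client range.
        "needs_routes": not touches,
    }

def uses_tunnel(dest, split_tunnel, client_routes):
    """Full Tunnel Mode carries every destination; Split Tunnel Mode
    carries only destinations covered by a configured client route."""
    if not split_tunnel:
        return True
    d = ipaddress.ip_address(dest)
    return any(d in ipaddress.ip_network(r) for r in client_routes)

if __name__ == "__main__":
    # Constructed sample data: a /24 LAN with a gateway and a printer.
    lan, devices = "10.10.0.0/24", ["10.10.0.1", "10.10.0.210"]
    print(check_pool(lan, "10.10.0.200", "10.10.0.220", devices))
    print(check_pool(lan, "10.20.0.1", "10.20.0.50", devices))
    for dest in ("10.10.0.5", "203.0.113.9"):
        print(dest, uses_tunnel(dest, True, [lan]), uses_tunnel(dest, False, []))
```

In Split Tunnel Mode, any destination for which uses_tunnel returns False leaves the client outside the VPN, so the client routes define what the tunnel protects.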