VPN

8

 

Configuring IPsec Remote Access

 

 

 

 

 

NOTE: The backup servers that you specified on the IPsec VPN server will be sent to remote VPN clients when initiating the VPN connections. The remote VPN clients will cache them.

Split Tunnel: Click On to enable the split tunneling feature, or click Off to disable it. With split tunneling, only traffic that matches the VPN client routes is sent to corporate resources through the VPN tunnel. If you enable split tunneling, you need to define the split subnets. To add a subnet, enter the IP address and netmask in the Protected Network and Netmask fields and click Add. To delete a subnet, select it from the list and click Delete.

Split DNS: Split DNS directs DNS packets in clear text through the VPN tunnel to domains served by the corporate DNS. To add a domain, enter the Domain name that should be resolved by your network’s DNS server, and then click Add. To delete a domain, select it from the list and click Delete.

NOTE: To use Split DNS, you must also enable the split tunneling feature and specify the domains. The Split DNS feature supports up to 10 domains.

STEP 6 Click OK to save your settings.

STEP 7 Click Save to apply your settings.
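The Split Tunnel and Split DNS settings above, expressed as a pre-deployment check (an added example, not code from the guide or from Cisco). The function names, the sample subnets and domain, and the suffix-matching rule for Split DNS domains are assumptions made for illustration.

```python
import ipaddress

MAX_SPLIT_DNS_DOMAINS = 10  # limit stated in the guide

# Constructed sample policy values (not from the guide).
SUBNETS = [("10.10.0.0", "255.255.0.0"), ("192.168.75.0", "255.255.255.0")]
DOMAINS = ["corp.example"]


def validate_policy(split_tunnel, subnets, dns_domains):
    """Return a list of problems with a group policy's split settings."""
    problems = []
    if split_tunnel and not subnets:
        problems.append("split tunneling is on but no split subnets are defined")
    if dns_domains and not split_tunnel:
        problems.append("Split DNS requires split tunneling to be enabled")
    if len(dns_domains) > MAX_SPLIT_DNS_DOMAINS:
        problems.append("Split DNS supports up to 10 domains")
    for net, mask in subnets:
        try:
            ipaddress.ip_network(f"{net}/{mask}", strict=True)  # rejects host bits
        except ValueError as exc:
            problems.append(f"bad split subnet {net}/{mask}: {exc}")
    return problems


def route_for(dest_ip, split_tunnel, subnets):
    """Return 'tunnel' or 'direct' for one destination address."""
    if not split_tunnel:
        return "tunnel"  # assumption: with split tunneling off, everything is tunneled
    addr = ipaddress.ip_address(dest_ip)
    nets = (ipaddress.ip_network(f"{n}/{m}", strict=False) for n, m in subnets)
    return "tunnel" if any(addr in net for net in nets) else "direct"


def resolver_for(qname, dns_domains):
    """Return 'corporate' or 'local' for a DNS name when split tunneling is on."""
    name = qname.rstrip(".").lower()
    for domain in (d.rstrip(".").lower() for d in dns_domains):
        # assumption: a listed domain covers itself and its subdomains only
        if name == domain or name.endswith("." + domain):
            return "corporate"
    return "local"


if __name__ == "__main__":
    print(validate_policy(True, SUBNETS, DOMAINS))
    print([route_for(ip, True, SUBNETS) for ip in ("10.10.3.7", "203.0.113.9")])
    print([resolver_for(q, DOMAINS) for q in ("intranet.corp.example.", "notcorp.example")])
```

Running the check against a planned policy shows which destinations and DNS names stay outside the tunnel, which is the traffic the corporate firewall and DNS logs will not see.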

Allowing IPsec Remote VPN Clients to Access the Internet

Enabling Client Internet Access will automatically create advanced NAT rules to allow remote VPN clients to access the Internet over the VPN tunnels. This section provides an example of manually configuring advanced NAT rules to allow remote VPN clients to access the Internet over the VPN tunnels.

STEP 1 Assume that you have enabled the IPsec Remote Access feature and created a group policy as follows:

Field                        Setting
---------------------------  ---------------
Group Name                   VPNGroup1
WAN Interface                WAN1
IKE Authentication Method    Pre-shared key

Cisco ISA500 Series Integrated Security Appliances Administration Guide
