VPN
Configuring SSL VPN
Cisco ISA500 Series Integrated Security Appliances Administration Guide 377
Gateway Port: Enter the port number used for the SSL VPN gateway. By
default, SSL operates on port 443. However, the SSL VPN gateway can
operate on a user-defined port. The firewall should permit this port so
that packets destined for the SSL VPN gateway are delivered. To connect,
SSL VPN clients need to enter the entire address pair “Gateway IP address:
Gateway port number”.
Certificate File: Choose the default certificate or an imported certificate to
authenticate users who try to access your network resources through the
SSL VPN tunnels. For information on importing certificates, see
Managing Certificates for Authentication, page 418.
Client Address Pool: The SSL VPN gateway has a configurable address
pool that is used to allocate IP addresses to remote VPN clients. Enter the IP
address pool for all remote clients. The client is assigned an IP address by
the SSL VPN gateway.
NOTE: Configure an IP address range that does not directly overlap with any
of the addresses on your local network.
Client Netmask: Enter the netmask used for SSL VPN clients. The client
netmask can only be one of 255.255.255.0, 255.255.255.128, or
255.255.255.192.
The Client Address Pool is used with the Client Netmask. The following table
displays the valid settings for entering the client address pool and the client
netmask.
Client Netmask     Client Address Pool
255.255.255.0      x.x.x.0
255.255.255.128    x.x.x.0, or x.x.x.128
255.255.255.192    x.x.x.0, x.x.x.64, x.x.x.128, or x.x.x.192
For example, if they are set as follows, the SSL VPN client gets a VPN
address in the range 10.10.10.1 to 10.10.10.254:
- Client Address Pool = 10.10.10.0
- Client Netmask = 255.255.255.0
Client Internet Access: Check this box to automatically create advanced
NAT rules to allow SSL VPN clients to access the Internet. If you uncheck this
box, you can manually create advanced NAT rules. See Allowing SSL VPN
Clients to Access the Internet, page 382.
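The Client Address Pool and Client Netmask rules above can be checked before the values are entered. The following Python sketch is an added example, not part of the Cisco guide or the appliance software; the function name, the local network list, and the sample addresses are assumptions made for illustration.

```python
import ipaddress

# The three netmasks the guide lists as valid for SSL VPN clients.
ALLOWED_NETMASKS = {"255.255.255.0", "255.255.255.128", "255.255.255.192"}


def check_client_pool(pool, netmask, local_networks):
    """Return (first, last) client addresses, or raise ValueError.

    local_networks is a list of CIDR strings for the subnets behind the
    appliance (hypothetical input supplied by the administrator).
    """
    if netmask not in ALLOWED_NETMASKS:
        raise ValueError(f"netmask {netmask} is not one of {sorted(ALLOWED_NETMASKS)}")
    try:
        # strict=True rejects a pool address with host bits set, which is
        # the alignment rule in the table (x.x.x.64 is invalid with a
        # 255.255.255.128 mask, valid with 255.255.255.192).
        net = ipaddress.IPv4Network(f"{pool}/{netmask}", strict=True)
    except ValueError as exc:
        raise ValueError(f"{pool} is not a valid pool address for {netmask}") from exc
    # The NOTE in the guide: the pool must not overlap local addresses.
    for cidr in local_networks:
        local = ipaddress.IPv4Network(cidr, strict=False)
        if net.overlaps(local):
            raise ValueError(f"pool {net} overlaps local network {local}")
    # Assumption: clients get the usable host range, as in the guide's
    # 10.10.10.0 / 255.255.255.0 example (10.10.10.1 to 10.10.10.254).
    return str(net[1]), str(net[-2])


if __name__ == "__main__":
    lan = ["192.168.1.0/24"]  # constructed sample LAN subnet
    samples = [
        ("10.10.10.0", "255.255.255.0"),     # the guide's own example
        ("10.10.10.64", "255.255.255.128"),  # misaligned for this mask
        ("192.168.1.128", "255.255.255.192"),  # overlaps the sample LAN
    ]
    for pool, mask in samples:
        try:
            print(pool, mask, "->", check_client_pool(pool, mask, lan))
        except ValueError as err:
            print(pool, mask, "-> rejected:", err)
```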