Configuration Wizards
Using the Remote Access VPN Wizard
Cisco ISA500 Series Integrated Security Appliances Administration Guide
permit the port to ensure delivery of packets destined for the SSL VPN
gateway. The SSL VPN clients need to enter the entire address pair
“Gateway IP address: Gateway port number” for connecting purposes.
Certificate File: Choose the default certificate or an imported certificate to
authenticate users who try to access your network resources through the
SSL VPN tunnels. For information on importing certificates, see
Managing Certificates for Authentication, page 418.
Client Address Pool: The SSL VPN gateway has a configurable address
pool with a maximum size of 255, which is used to allocate IP addresses to the
remote clients. Enter the IP address pool for all remote clients. The client is
assigned an IP address by the SSL VPN gateway.
NOTE: Configure an IP address range that does not directly overlap with any
other addresses on your local network.
Client Netmask: Enter the netmask used for SSL VPN clients. The client
netmask can only be one of 255.255.255.0, 255.255.255.128, or
255.255.255.192.
The Client Address Pool is used with the Client Netmask. The following table
displays the valid settings for entering the client address pool and the client
netmask.

Client Netmask     Client Address Pool
255.255.255.0      x.x.x.0
255.255.255.128    x.x.x.0, or x.x.x.128
255.255.255.192    x.x.x.0, x.x.x.64, x.x.x.128, or x.x.x.192

For example, if they are set as follows, then the SSL VPN client will get a VPN
address in the range 10.10.10.1 to 10.10.10.254.
- Client Address Pool = 10.10.10.0
- Client Netmask = 255.255.255.0
Client Internet Access: Check this box to automatically create advanced
NAT rules to allow SSL VPN clients to access the Internet over SSL VPN
tunnels. If you uncheck this box, you can manually create advanced NAT
rules. For complete details, see Allowing SSL VPN Clients to Access the
Internet, page 382.
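
The Client Address Pool and Client Netmask rules above can be checked before a change is applied. The following Python sketch is an added example, not part of the Cisco guide or the appliance software: it validates a pool/netmask pair against the table, checks it against a list of local subnets, and returns the resulting client range. The function names and the sample subnets are hypothetical, and the host range for the /25 and /26 netmasks is an assumption generalized from the guide's 10.10.10.0 example.

```python
import ipaddress

# Netmasks the guide lists as valid for SSL VPN clients.
ALLOWED_NETMASKS = ("255.255.255.0", "255.255.255.128", "255.255.255.192")


def check_client_pool(pool, netmask, local_networks):
    """Return (first, last) client address for a pool/netmask pair.

    Raises ValueError if the netmask is not an allowed value, the pool is not
    a network address for that netmask, or the pool overlaps a local network.
    """
    if netmask not in ALLOWED_NETMASKS:
        raise ValueError(f"netmask {netmask} is not one of {', '.join(ALLOWED_NETMASKS)}")
    try:
        # strict=True rejects host bits, e.g. x.x.x.64 with 255.255.255.128.
        net = ipaddress.IPv4Network(f"{pool}/{netmask}", strict=True)
    except ValueError as exc:
        raise ValueError(f"pool {pool} is not valid for netmask {netmask}") from exc
    for local in local_networks:
        local_net = ipaddress.IPv4Network(local, strict=False)
        if net.overlaps(local_net):
            raise ValueError(f"pool {net} overlaps local network {local_net}")
    # Assumption: clients get the usual host range (network and broadcast
    # addresses excluded), which matches the guide's 10.10.10.1-254 example.
    return str(net.network_address + 1), str(net.broadcast_address - 1)


def describe(pool, netmask, local_networks):
    """One-line verdict suitable for a pre-change review."""
    try:
        first, last = check_client_pool(pool, netmask, local_networks)
    except ValueError as exc:
        return f"REJECT {pool} / {netmask}: {exc}"
    return f"OK     {pool} / {netmask}: clients get {first} to {last}"


if __name__ == "__main__":
    # Constructed sample data: local subnets and candidate pools are made up.
    local = ["192.168.75.0/24", "10.10.20.0/24"]
    candidates = [
        ("10.10.10.0", "255.255.255.0"),      # the guide's example
        ("10.10.10.64", "255.255.255.192"),   # valid per the table
        ("10.10.10.64", "255.255.255.128"),   # not aligned to the netmask
        ("10.10.10.0", "255.255.0.0"),        # netmask not allowed
        ("10.10.20.128", "255.255.255.128"),  # overlaps a local subnet
    ]
    for pool, mask in candidates:
        print(describe(pool, mask, local))
```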