Citrix Systems 9000 Series 4.2.2 Configuring Split DNS

Configuring the SSL VPN Client

4-10 SSL VPN User’s Guide

•ON: When you choose this option, Split Tunneling is enabled. The client

compares the destination IP address, or port, or application name of the

packets against the values configured by the SSL VPN administrator on the

gateway. If one of the values match, the packets are send to the remote

network via the SSL VPN tunnel. Else they are diverted to the local LAN.

•OFF: When you choose this option, Split Tunneling is disabled and the cli-

ent sends all traffic to the remote network via the SSL VPN tunnel.

•Reverse: When you choose this option, Reverse Split Tunneling is enabled.

The client compares the destination IP address, or port, or application

name of the packets against the values configured by the SSL VPN admin-

istrator on the gateway. If one of the values match, the client diverts the

packets to the local LAN and sends the others to the remote network via

the SSL VPN tunnel. This is the reverse of ON.

If Split Tunneling is disabled on the gateway, the corresponding controls on

the client are disabled and you will not be able to control it. As a result, all

traffic is routed through the SSL VPN tunnel. This is similar to disabling the

feature on the client.

The following section covers the procedure to configure split tunneling.

1. Right-click the agent in the Windows system tray and select Configuration

from the short-cut menu. The Configuration dialog box is displayed as

shown in Figure 4-3.

If you are using the plug-in, click Configuration on the plug-in window. The

Configuration dialog box is displayed as shown in Figure 4-3.

2. Click the Profile tab. The Profile pane is displayed. This pane displays all

the configuration details of the profile such as the IP address of the SSL

VPN gateway, the split tunneling setting, the build number of the system

software on the gateway, etc.

3. Click Change Profile to modify the configuration details of the profile. The

Change Profile dialog box is displayed as shown in Figure 4-4.

4. In the Split Tunneling group box, select OFF and click OK. The updated

configuration details of the profile are displayed.

When similar subnets (or computers with identical IP addresses) exist on both

the local LAN and the remote intranet, network conflicts can occur when split

tunneling is enabled. This can be avoided by configuring the client appropri-

ately. For details, refer section 4.2.4, “Managing Network Conflicts”.

4.2.2 Configuring Split DNS

You can configure the agent to route DNS lookups (Address records only) to

either local DNS servers or remote DNS servers. This setting is applicable only