NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual
–Split tunnel – Sends only traffic destined for the internal network based on the specified client routes. All other traffic is sent to the internet. Split tunnel allows you to manage your company bandwidth by reserving the VPN tunnel for corporate traffic only.
Beyond what is defined in “Web Browser Requirements” on page
•Mac OS. VPN Tunnel supports Version 1.4 (Tiger).
•Browsers. The Firefox browser supports only VPN tunnel, VNC, Network places and Utilities (IE is required for Port Forwarding, Applications, and Terminal Services).
Adding IP Address Ranges
Determine the address range you will assign to VPN Tunnel Clients, then define the address range in the SSL VPN Concentrator administrative interface.
To configure the SSL VPN Tunnel client address range:
1.Under Access Administration in the left navigation pane, select VPN Tunnel. The VPN Tunnel Client screen displays.
In the Client IP Address Range section of the screen, you can define the IP address range to assign to incoming VPN Tunnel clients. The default range begins with 192.168.251.1 and ends with 192.168.251.254.
2.In the Client Address Range Begin field, enter the first IP address of the IP address range.
3.In the Client Address Range End field, enter the last IP address of the IP address range.
4.Select one of the following:
•Enter the Network Subnet to enable Split Tunnel Mode
a.Add a client route to configure the VPN Tunnel client to connect to the corporate network using the VPN tunnel.
b.Create a static route on the corporate network firewall to forward traffic intended for the VPN clients to the SSL VPN gateway.
•Select the Enable Full Tunnel Support check box to enable Full Tunnel mode. The VPN client will install an 0.0.0.0 route on the client machines that will forward all traffic to the SSL Concentrator.
5.Click Apply to update the configuration.
Configuring the SSL VPN Tunnel Client and Port Forwarding |
