9-1
v1.0, August 2006
Chapter 9VPN Tunnel ClientThis chapter describes the configuration for a VPN Tunnel Client, an SSL VPN client that is
deployed from the SSL VPN portal. It covers:
•Adding IP Address Ranges
•Adding Routes for VPN Tunnel Clients
Beyond what is defined in “Logging in to the Management Interface” on page 2-4, the VPN
Tunnel Client has some specific operating requirements. For
•Mac OS. VPN Tunnel supports Version 1.4 (Tiger).
• Browsers. The Firefox browser is not supported.
The number of VPN Tunnel Client sessions your installation of SSL VPN Concentrator will
support concurrently is dependent on the hardware configuration of your SSL VPN Concentrator
server.
SSL VPN Client Configuration
There are several different scenarios you can use to set up SSL VPN client addresses and routes.
The following is a simple network setup. For more complex network configurations, see the SSL
VPN network scenarios document referenced in Appendix B, “Related Documents”.
The VPN Tunnel Client provides a PPP (point-to-point) connection between the client and the SSL
VPN Concentrator. When remote users connect using VPN over SSL, a virtual network interface
is created with IP settings dynamically assigned by the SSL VPN Concentrator. In addition, DNS
and WINS server settings are also assigned by the SSL VPN Concentrator. DNS and WINS
settings allow the VPN Tunnel Client to contact machines on the corporate network by host name
or domain name. The DNS and WINS settings assigned to the VPN Tunnel Client are configured
on the Network screen located under System Configuration on the left navigation pane.
The VPN Tunnel Client provides a point-to-point (PPP) connection and uses proxy ARP requests
to locate machines on the remote network. Because the connection is a point-to-point connection,
the addresses on the local network and the remote network can overlap. For example: