Chapter 21 SSL VPN

Full Tunnel Mode

In full tunnel mode, a virtual connection is created for remote users with private IP addresses in the same subnet as the local network. This allows them to access network resources in the same way as if they were part of the internal network.

Figure 268 Network Access Mode: Full Tunnel Mode

SSL Access Policy

An SSL access policy allows the ZyWALL to perform the following tasks:

• Limit user access to specific applications or files on the network.
• Allow user access to specific networks.
• Assign private IP addresses and provide DNS/WINS server information to remote users to access internal networks.

SSL Access Policy Objects

The SSL access policies reference the following objects. If you update an object, the ZyWALL automatically propagates the change through the SSL policies that use the object. When you delete an SSL policy, the objects it references are not removed.

Table 125 Objects

| OBJECT TYPE | OBJECT SCREEN | DESCRIPTION |
|---|---|---|
| User Accounts | User Account/User Group | Configure a user account or user group to which you want to apply this SSL access policy. |
| Application | SSL Application | Configure an SSL application object to specify the application type and server users are allowed to access. |
| IP Pool | Address | Configure an address object that defines a range of private IP addresses to assign to user computers so they can access the internal network through a VPN connection. |
| Server Addresses | Address | Configure address objects for the IP addresses of the DNS and WINS servers that the ZyWALL sends to the VPN connection users. |
| VPN Network | Address | Configure an address object to specify which network segment users are allowed to access through a VPN connection. |

You cannot delete an object that is referenced by an SSL access policy. To delete the object, you must first unassociate the object from the SSL access policy.

ZyWALL USG 100/200 Series User’s Guide