Configuring VPN
Configuring SSL VPN for Browser-Based Remote Access
Cisco SA 500 Series Security Appliances Administration Guide
185
8
The security appliance allows Full Tunnel and Split Tunnel support.
•
Full Tunnel Mode:
The VPN Tunnel handles all traffic that is sent from the
client.
•
Split Tunnel Mode:
The VPN Tunnel handles only the traffic that is destined
for the specified destination addresses in the configured client routes.
These client routes give the SSL client access to specific private networks,
thereby allowing access control over specific LAN services.
Configuring the SSL VPN Client
STEP 1
Click
VPN
on the menu bar, and then click
SSL VPN Client > SSL VPN Client
in
the navigation tree.
The SSL VPN Client page appears.
STEP 2
Enter the following information:
•
Enable Split Tunnel Support:
Check this box to enable Split Tunnel Mode
Support, or uncheck this box for Full Tunnel Mode Support. With Full Tunnel
Mode, all of the traffic from the host is directed through the tunnel. By
comparison, with Split-Tunnel Mode, the tunnel is used only for the traffic that
is specified by the client routes.
NOTE
If you enable Split Tunnel Support, you also will need to configure SSL
VPN Client Routes. After you complete this procedure, see
Configuring Client Routes for Split Tunnel Mode, page 186
.
•
DNS Suffix (Optional):
Enter the DNS Suffix for this client.
•
Primary DNS Server (Optional):
Enter the IP address of the primary DNS
Server for this client.
•
Secondary DNS Server (Optional):
Enter the IP address of the secondary
DNS Server for this client.
•
Client Address Range Begin:
Enter the first IP address that will be assigned
to SSL VPN clients.
•
Client Address Range End:
Enter the last IP address that will be assigned to
SSL VPN clients.