Configuring Tunnel All Mode

When you enable Tunnel All mode, you force all traffic for NetExtender users over the SSL VPN NetExtender tunnel—including traffic destined for the remote user’s local network. Table 88 shows the routes added to the remote client’s route table when you enable Tunnel All mode:


Table 88. Routes added for Tunnel All mode

IP Address

Subnet mask

NetExtender also adds routes for the local networks of all connected Network Connections. These routes are configured with higher metrics than any existing routes to force traffic destined for the local network over the SSL VPN tunnel instead. For example, if a remote user is has the IP address on the 10.0.*.* network, the route is added to route traffic through the SSL VPN tunnel.

To configure SSL VPN NetExtender users and groups for Tunnel All Mode:
Navigate to SSL VPN > Client Routes.
Select Enabled from the Tunnel All Mode drop-down menu.

Click Accept.
Navigate to the Users > Local Users or Users > Local Groups page.
Click on the Configure button for an SSL VPN NetExtender user or group. The Edit Group dialog displays.
Click on the VPN Access tab.

Select the WAN RemoteAccess Networks address object.
Click the Right Arrow (->) button.
Repeat Step 5 through Step 9 for all local users and groups that use SSL VPN NetExtender.