SSL_VPN_client_routes
The SSL VPN > Client Routes page allows you to control the network access allowed for SSL VPN users. The NetExtender client routes are passed to all NetExtender clients and are used to govern which private networks and resources remote users can access via the SSL VPN connection.
Topics:
Select Enabled from the Tunnel All Mode drop-down menu to force all traffic for NetExtender users over the SSL VPN NetExtender tunnel—including traffic destined for the remote user’s local network. This is accomplished by adding the following routes to the remote client’s route table:
|
NetExtender also adds routes for the local networks of all connected Network Connections. These routes are configured with higher metrics than any existing routes to force traffic destined for the local network over the SSL VPN tunnel instead. For example, if a remote user has the IP address 10.0.67.64 on the 10.0.*.* network, the route 10.0.0.0/255.255.0.0 is added to route traffic through the SSL VPN tunnel.
Note To configure Tunnel All Mode, you must also configure an address object for 0.0.0.0, and assign SSL VPN NetExtender users and groups to have access to this address object.
To configure SSL VPN NetEextender users and groups for Tunnel All Mode, perform the following steps.
1. Navigate to the Users > Local Users or Users > Local Groups page.
2. Click on the Edit icon in the Configure column for an SSL VPN NetExtender user or group.
3. Click on the VPN Access tab.
4. Select the WAN RemoteAccess Networks address object and click the right arrow (->) button.
5. Click OK.
6. Repeat steps 1 through 5 for all local users and groups that use SSL VPN NetExtender.
The Add Client Routes pull-down menu is used to configure access to network resources for SSL VPN users. Select the address object to which you want to allow SSL VPN access. Select Create new address object to create a new address object. Creating client routes causes access rules to automatically be created to allow this access. Alternatively, you can manually configure access rules for the SSL VPN zone on the Firewall > Access Rules page. For more information, see Firewall > Access Rules.
Note After configuring Client Routes for SSL VPN, you must also configure all SSL VPN NetExtender users and user groups to be able to access the Client Routes on the Users > Local Users or Users > Local Groups pages. See Configuring Local Users or Configuring Local Groups, respectively.
To configure SSL VPN NetEextender users and groups to access Client Routes, perform the following steps.
1. Navigate to the Users > Local Users or Users > Local Groups page.
2. Click on the Edit icon in the Configure column for an SSL VPN NetExtender user or group.
3. Click on the VPN Access tab.
4. Select the address object for the Client Route, and click the right arrow (->) button.
5. Click OK.
6. Repeat steps 1 through 5 for all local users and groups that use SSL VPN NetExtender.
At the bottom of the SSL VPN > Client Routes page is a table of client routes that contains the priorities you added as the SSL VPN client route in these columns:
• Name—The name of the route selected in the VPN Access tab for the user or group.
• Address Detail—The details about the route address.
• Type—The type of the route.
• Zone—The zone of the route.
• Delete —The Delete icon for deleting a single SSL VPN client route.
To delete a route, click on its Delete icon in the Delete column. To delete all routes, click on the Delete All button in the upper right corner of the table.