Cisco WS-CE500 Administration Manual page 166

SA500 Series Small Business Security Appliances

Configuring VPN
Configuring SSL VPN for Browser-Based Remote Access
Cisco SA500 Series Security Appliances Administration Guide
Make sure that the virtual (PPP) interface address of the VPN tunnel client does not
conflict with the address of any physical device on the LAN. The IP address
range for the SSL VPN virtual network adapter should be either in a different
subnet from the corporate LAN or in a range that does not overlap with it.
If the SSL VPN client is assigned an IP address in a different subnet than the
corporate network, a client route must be added to allow access to the private
LAN through the VPN tunnel. In addition, a static route on the private LAN's firewall
(typically this security appliance) is needed to forward private traffic through the
VPN Firewall to the remote SSL VPN client.
As in any IPsec tunnel deployment, the two networks that are joined by the tunnel
must use different IP address ranges in their subnets.
The security appliance supports both Full Tunnel and Split Tunnel modes.
Full Tunnel Mode: The VPN Tunnel handles all traffic that is sent from the
client.
Split Tunnel Mode: The VPN Tunnel handles only the traffic that is destined
for the specified destination addresses in the configured client routes.
These client routes give the SSL client access to specific private networks,
thereby allowing access control over specific LAN services.
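The addressing and tunnel-mode rules above can be checked before the values are entered on the appliance. The following is an added example, not part of the Cisco guide; the function names, the LAN subnet, the in-use addresses and the client routes are all constructed for illustration.

```python
import ipaddress

def check_address_plan(lan_cidr, lan_in_use, pool_first, pool_last):
    """Check an SSL VPN client address range against the corporate LAN."""
    lan = ipaddress.ip_network(lan_cidr)
    first = ipaddress.ip_address(pool_first)
    last = ipaddress.ip_address(pool_last)
    if first > last:
        raise ValueError("client range start is above its end")
    inside = first in lan and last in lan
    outside = last < lan.network_address or first > lan.broadcast_address
    if not (inside or outside):
        raise ValueError("client range straddles the LAN subnet boundary")
    # Addresses of physical LAN devices that the client range would collide with.
    conflicts = sorted(
        a for a in map(ipaddress.ip_address, lan_in_use) if first <= a <= last
    )
    return {
        "conflicts": [str(a) for a in conflicts],
        # A range in a different subnet needs a client route to the LAN and a
        # static route on the LAN's firewall back to the SSL VPN clients.
        "needs_routes": outside,
    }

def tunnel_carries(destination, split_tunnel, client_routes):
    """Return True if traffic to `destination` is sent through the VPN tunnel."""
    if not split_tunnel:
        return True  # Full Tunnel Mode: all client traffic uses the tunnel
    dest = ipaddress.ip_address(destination)
    # Split Tunnel Mode: only destinations covered by a client route use it
    return any(dest in ipaddress.ip_network(r) for r in client_routes)

# Constructed sample values, not taken from the guide.
LAN = "192.168.75.0/24"
IN_USE = ["192.168.75.1", "192.168.75.210"]
ROUTES = ["192.168.75.0/24"]

if __name__ == "__main__":
    print(check_address_plan(LAN, IN_USE, "192.168.251.1", "192.168.251.254"))
    print(check_address_plan(LAN, IN_USE, "192.168.75.200", "192.168.75.220"))
    for dst in ("192.168.75.10", "203.0.113.5"):
        print(dst, tunnel_carries(dst, True, ROUTES), tunnel_carries(dst, False, ROUTES))
```

An empty `conflicts` list is the condition the first paragraph asks for; `needs_routes` flags the case where the client route and the static route described above must also be configured.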
Configuring the SSL VPN Client
STEP 1 Click VPN > SSL VPN Client > SSL VPN Client.
The SSL VPN Client window opens.
STEP 2 Enter the following information:
Enable Split Tunnel Support: Check this box to enable Split Tunnel Mode
Support, or uncheck this box for Full Tunnel Mode Support. With Full Tunnel
Mode, all of the traffic from the host is directed through the tunnel. By
comparison, with Split-Tunnel Mode, the tunnel is used only for the traffic that
is specified by the client routes.
NOTE If you enable Split Tunnel Support, you also will need to configure SSL
VPN Client Routes. After you complete this procedure, see Configuring
Client Routes for Split Tunnel Mode, page 167.
DNS Suffix (Optional): Enter the DNS Suffix for this client.
Primary DNS Server (Optional): Enter the IP address of the primary DNS
Server for this client.
