Symantec 360R - Security Gateway SGS Administration Manual page 98

98 Establishing secure VPN connections
Configuring Client-to-Gateway VPN tunnels
For LAN-side VPN client tunnels, the only subnet that the client can access is the
one defined on the LAN IP screen.
See "Configuring LAN IP settings"
Symantec Client-to-Gateway VPN tunnels require a client ID and a shared key.
You can also apply extended authentication using a RADIUS server to Client-to-
Gateway VPN tunnels for additional authentication.
See "Defining users" on page 86.
You can configure two types of Client-to-Gateway users when configuring VPN
tunnels: dynamic and static.
See "Identifying users"
Understanding global tunnels
When a client establishes a VPN tunnel on the LAN, a global tunnel (0.0.0.0) is
configured for the client. This forces all client traffic through the VPN tunnel
terminating at the appliance. This is useful for untrusted networks, such as
wireless, to keep traffic secure.
When establishing a tunnel on the WAN, the appliance's subnet (192.168.0.0 by
default) is configured for the client allows a split tunnel so that the client can
still access the Internet directly and only traffic destined for the LAN is sent
through the VPN tunnel.
Configuration tasks for Client-to-Gateway VPN tunnels
Table 6-9 describes the tasks that are required to configure a Client-to-Gateway
VPN tunnel.
Table 6-9 Client-to-Gateway VPN tunnel configuration tasks
Task
Configure a VPN Policy (Phase 2 IKE
negotiation). This is optional.
Identify remote users.
Enable client tunnel for selected VPN Group.
Optionally, configure VPN network parameters
(pushed to client during negotiations).
on page 57.
on page 85.
VPN > Client Tunnels > Group Tunnel
SGMI
VPN > VPN Policies
VPN > Client Users > VPN User
Identity
Definition
VPN > Client Tunnels > VPN Network
Parameters