Cisco Small Business Pro SA 520W Administration Manual page 179

Small Business Pro SA 500 Series Security Appliances

Configuring VPN
Configuring SSL VPN for Browser-Based Remote Access
Cisco SA 500 Series Security Appliances Administration Guide
Make sure that the virtual (PPP) interface address of the VPN tunnel client does not
conflict with the address of any physical devices on the LAN. The IP address
range for the SSL VPN virtual network adapter should be either in a different
subnet from the corporate LAN or in a range that does not overlap it.

If the SSL VPN client is assigned an IP address in a different subnet than the
corporate network, a client route must be added to allow access to the private
LAN through the VPN tunnel. In addition, a static route on the private LAN's firewall
(typically this security appliance) is needed to forward private traffic through the
VPN Firewall to the remote SSL VPN client.

As in any IPSec tunnel deployment, the two networks that are joined by the tunnel
must use different IP address ranges in their subnets.

The security appliance supports both Full Tunnel and Split Tunnel modes.

Full Tunnel Mode: The VPN Tunnel handles all traffic that is sent from the
client.

Split Tunnel Mode: The VPN Tunnel handles only the traffic that is destined
for the specified destination addresses in the configured client routes.
These client routes give the SSL client access to specific private networks,
thereby allowing access control over specific LAN services.
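
The addressing rules and the two tunnel modes described above can be checked on paper before any values are entered on the appliance. The following Python sketch is an added example and is not part of the Cisco guide; the function names and every address in it are constructed for illustration, and it assumes IPv4 with the list of LAN device addresses supplied by the administrator.

```python
import ipaddress as ipa

def check_client_range(lan_cidr, lan_devices, first, last, client_routes):
    """Findings for a planned SSL VPN client address range (IPv4 assumed)."""
    lan = ipa.ip_network(lan_cidr)
    lo, hi = ipa.ip_address(first), ipa.ip_address(last)
    routes = [ipa.ip_network(r) for r in client_routes]
    findings = []
    # Rule 1: no client address may collide with a physical LAN device.
    clashes = [d for d in lan_devices if lo <= ipa.ip_address(d) <= hi]
    if clashes:
        findings.append("conflict with LAN devices: " + ", ".join(clashes))
    # Rule 2: a range in a different subnet needs a client route to the LAN.
    blocks = ipa.summarize_address_range(lo, hi)
    different_subnet = not any(b.overlaps(lan) for b in blocks)
    if different_subnet and not any(lan.subnet_of(r) for r in routes):
        findings.append("client route to %s is missing" % lan)
    return findings

def via_tunnel(dest, split_tunnel, client_routes):
    """Full tunnel carries all client traffic; split tunnel only routed nets."""
    if not split_tunnel:
        return True
    addr = ipa.ip_address(dest)
    return any(addr in ipa.ip_network(r) for r in client_routes)

if __name__ == "__main__":
    # Constructed sample plan, not values from the guide.
    lan, devices = "10.10.1.0/24", ["10.10.1.1", "10.10.1.20"]
    print(check_client_range(lan, devices, "10.10.2.100", "10.10.2.150", []))
    print(check_client_range(lan, devices, "10.10.1.10", "10.10.1.30", []))
    for dest in ("10.10.1.20", "203.0.113.9"):
        print(dest, via_tunnel(dest, True, [lan]), via_tunnel(dest, False, []))
```

The static route on the LAN firewall toward the client range, which the different-subnet case also requires, is not covered by this check.
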

Configuring the SSL VPN Client

STEP 1  Click VPN on the menu bar, and then click SSL VPN Client > SSL VPN Client in
the navigation tree.
The SSL VPN Client page appears.

STEP 2  Enter the following information:

Enable Split Tunnel Support: Check this box to enable Split Tunnel Mode
Support, or uncheck this box for Full Tunnel Mode Support. With Full Tunnel
Mode, all of the traffic from the host is directed through the tunnel. By
comparison, with Split-Tunnel Mode, the tunnel is used only for the traffic that
is specified by the client routes.

NOTE: If you enable Split Tunnel Support, you will also need to configure SSL
VPN Client Routes. After you complete this procedure, see Configuring
Client Routes for Split Tunnel Mode, page 180.

DNS Suffix (Optional): Enter the DNS Suffix for this client.

Primary DNS Server (Optional): Enter the IP address of the primary DNS
Server for this client.


This manual is also suitable for:

Small Business Pro SA 540, Small Business Pro SA 520
