Virtual Private Networking Using SSL Connections
ProSAFE Gigabit Quad WAN SSL VPN Firewall SRX5308

Figure 188. SSL VPN Client screen for IPv6

3. Complete the settings as described in the following table:

Table 72. SSL VPN Client screen settings for IPv4 and IPv6

Client IP Address Range

Enable Full Tunnel Support
    Select this check box to enable full-tunnel support. If you leave this check box cleared (the default setting), full-tunnel support is disabled and split-tunnel support is enabled; in that case you need to add client routes (see Add Routes for VPN Tunnel Clients on page 287).
    Note: When full-tunnel support is enabled, client routes are not operable; all client traffic is sent through the tunnel and the Configured Client Routes table is ignored.

IPv4 screen only

DNS Suffix
    A DNS suffix to be appended to incomplete DNS search strings. This setting is optional.

Primary DNS Server
    The IP address of the primary DNS server that is assigned to the VPN tunnel clients. This setting is optional.
    Note: If you do not assign a DNS server, the DNS settings in the SSL VPN client remain unchanged after a VPN tunnel has been established.

Secondary DNS Server
    The IP address of the secondary DNS server that is assigned to the VPN tunnel clients. This setting is optional.

Client Address Range Begin
    The first IP address of the IPv4 address range that you want to assign to the VPN tunnel clients. By default, the first IPv4 address is 192.168.251.1.
Table 72. SSL VPN Client screen settings for IPv4 and IPv6 (continued)

IPv4 screen only (continued)

Client Address Range End
    The last IP address of the IPv4 address range that you want to assign to the VPN tunnel clients. By default, the last IPv4 address is 192.168.251.254.

IPv6 screen only

Client IPv6 Address Range Begin
    The first IP address of the IPv6 address range that you want to assign to the VPN tunnel clients. By default, the first IPv6 address is 4000::1.

Client IPv6 Address Range End
    The last IP address of the IPv6 address range that you want to assign to the VPN tunnel clients. By default, the last IPv6 address is 4000::200.

4. Click Apply to save your settings. VPN tunnel clients are now able to connect to the VPN firewall and receive a virtual IP address in the client address range.

Add Routes for VPN Tunnel Clients

The VPN tunnel clients assume that the following networks are located across the VPN-over-SSL tunnel:

• The subnet that contains the client IP address (that is, the address of the PPP interface), as determined by the class of the address (Class A, B, or C).
• Subnets that are specified in the Configured Client Routes table on the SSL VPN Client screen.

If the assigned client IP address range is in a different subnet from the local network, if the local network has multiple subnets, or if you select split-tunnel operation, you need to define client routes. In split-tunnel operation only traffic for these networks crosses the tunnel; all other client traffic leaves the client directly, so the client routes should cover exactly the internal subnets that remote clients are meant to reach.

To add an SSL VPN tunnel client route:

1. Select VPN > SSL VPN > SSL VPN Client. The SSL VPN Client screen for IPv4 displays (see Figure 187 on page 285).
2. Specify the IP version for which you want to add a route:
   • IPv4. In the upper right of the screen, the IPv4 radio button is already selected by default. Go to Step 3.
   • IPv6. Select the IPv6 radio button. The SSL VPN Client screen displays the IPv6 settings (see Figure 188 on page 286).
3. In the Add Routes for VPN Tunnel Clients section of the screen, specify information in the following fields:
   • Destination Network. The destination network IPv4 or IPv6 address of a local network or subnet, that is, the network address that matches the subnet mask or prefix length you specify. For example, for an IPv4 route, enter 10.211.23.8.
   • Subnet Mask / Prefix Length. For an IPv4 route, the subnet mask; for an IPv6 route, the prefix length.
4. Click the Add table button. The new client route is added to the Configured Client Routes table.
If VPN tunnel clients are already connected, disconnect and then reconnect the clients on the SSL VPN Connection Status screen (see View the SSL VPN Connection Status and SSL VPN Log on page 299). Doing so allows the clients to receive new addresses and routes.

Existing routes cannot be edited in place. To change the specifications of an existing route and delete the old route:

1. Add a new route with the changed specifications to the Configured Client Routes table.
2. In the Configured Client Routes table, to the right of the route that is out-of-date, click the Delete table button.

If an existing route is no longer needed, delete it in the same way.
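The following Python script is an added example, not code from the NETGEAR manual or from the SRX5308 firmware. It applies the two rules stated above for split-tunnel clients: a client treats the classful network (Class A, B or C) containing its assigned PPP address as reachable through the tunnel, and every other internal subnet must be entered as a client route (Destination Network plus Subnet Mask or Prefix Length) unless full-tunnel support is enabled, in which case client routes are not operable. It also validates a route entry the way a careful operator should before clicking Add: the destination must be a network address with no host bits set. The client address range, LAN subnets and route entries used are constructed sample values; the function and class names are this example's own.

```python
"""Plan split-tunnel client routes for an SSL VPN client address range.

Added example (not the manual's or the firmware's code). The address range,
LAN subnets and route entries in the usage at the bottom are constructed
sample values. IPv4 client ranges only; route validation accepts IPv6 too.
"""
import ipaddress
from dataclasses import dataclass, field
from typing import List, Tuple


@dataclass
class RoutePlan:
    assumed: List[str]                      # networks clients already send via the tunnel
    routes_to_add: List[Tuple[str, str]]    # (Destination Network, Subnet Mask) to type in
    warnings: List[str] = field(default_factory=list)


def classful_network(addr: str) -> ipaddress.IPv4Network:
    """Classful (A/B/C) network a PPP client assumes around its own address."""
    ip = ipaddress.IPv4Address(addr)
    first_octet = int(ip) >> 24
    if first_octet < 128:
        prefix = 8      # Class A
    elif first_octet < 192:
        prefix = 16     # Class B
    elif first_octet < 224:
        prefix = 24     # Class C
    else:
        raise ValueError(f"{addr} is not a Class A, B or C address")
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)


def validate_route(destination: str, mask_or_prefix: str) -> Tuple[str, str]:
    """Check a Destination Network / Subnet Mask (or Prefix Length) pair.
    strict=True rejects a destination with host bits set, so the manual's
    sample value 10.211.23.8 only passes with a prefix of /29 or longer.
    Returns (network address, subnet mask for IPv4 or prefix length for IPv6)."""
    net = ipaddress.ip_network(f"{destination}/{mask_or_prefix}", strict=True)
    second = str(net.netmask) if net.version == 4 else str(net.prefixlen)
    return str(net.network_address), second


def plan_client_routes(range_begin: str, range_end: str,
                       lan_subnets: List[str], full_tunnel: bool = False) -> RoutePlan:
    """Work out which LAN subnets (IPv4 CIDR strings) need an explicit client
    route for clients drawn from the given client address range."""
    begin, end = ipaddress.IPv4Address(range_begin), ipaddress.IPv4Address(range_end)
    if end < begin:
        raise ValueError("Client Address Range End precedes Client Address Range Begin")
    plan = RoutePlan(assumed=[], routes_to_add=[])
    if full_tunnel:
        plan.warnings.append("Full-tunnel support is enabled: all client traffic "
                             "crosses the tunnel and client routes are not operable")
        return plan
    assumed: List[ipaddress.IPv4Network] = []
    for net in (classful_network(range_begin), classful_network(range_end)):
        if net not in assumed:
            assumed.append(net)
    if len(assumed) > 1:
        plan.warnings.append("Client address range spans more than one classful "
                             "network; clients will not all assume the same subnet")
    for net in assumed:
        if net.prefixlen < 24:
            plan.warnings.append(f"Clients will send all traffic for {net} through "
                                 "the tunnel, not only traffic for the client range")
    for spec in lan_subnets:
        lan = ipaddress.ip_network(spec, strict=True)
        if lan.version != 4:
            raise ValueError(f"{spec}: this example plans IPv4 client routes only")
        if any(lan.subnet_of(a) for a in assumed):
            continue    # already covered by the classful assumption
        plan.routes_to_add.append((str(lan.network_address), str(lan.netmask)))
    plan.assumed = [str(a) for a in assumed]
    return plan


if __name__ == "__main__":
    # Constructed sample: the default client range and three internal subnets.
    plan = plan_client_routes("192.168.251.1", "192.168.251.254",
                              ["192.168.1.0/24", "10.211.23.0/24", "192.168.251.0/24"])
    print("assumed via tunnel:", plan.assumed)
    for dest, mask in plan.routes_to_add:
        print(f"add client route: Destination Network {dest}, Subnet Mask {mask}")
    for note in plan.warnings:
        print("warning:", note)
```

With the default client range, 192.168.251.0/24 needs no route because the Class C assumption already covers it, while 192.168.1.0/24 and 10.211.23.0/24 must be added. A client range inside 10.0.0.0/8 makes clients send the whole Class A network through the tunnel, which is usually broader than intended; the planner flags that case.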
Use Network Resource Objects to Simplify Policies

• Add New Network Resources
• Edit Network Resources to Specify Addresses
Network resources are groups of IP addresses, IP address ranges, and services. By defining resource objects, you can create and configure network policies more quickly: you do not need to redefine the same set of IP addresses or address ranges when you configure the same access policies for multiple users.

Defining network resources is optional; smaller organizations can choose to create access policies using individual IP addresses or IP networks rather than predefined network resources. For most organizations, however, NETGEAR recommends that you use network resources. If your server or network configuration changes, you can update the resource once instead of individually updating all of the user and group policies that refer to it.
Add New Network Resources

The resource name and service are independent of the IP version. However, the resource definition (see Edit Network Resources to Specify Addresses on page 289) is dependent on the IP version because you can assign either an IPv4 or an IPv6 address or network.

To define a network resource:

1. Select VPN > SSL VPN > Resources. The Resources screen displays. (The following figure shows some resources in the List of Resources table as an example.)
Figure 189.
2. In the Add New Resource section of the screen, specify information in the following fields:
   • Resource Name. A descriptive name of the resource for identification and management purposes.
   • Service. From the Service drop-down list, select the type of service to which the resource applies:
     - VPN Tunnel. The resource applies only to a VPN tunnel.
     - Port Forwarding. The resource applies only to port forwarding.
     - All. The resource applies both to a VPN tunnel and to port forwarding.
   Choose the narrowest service that fits: a resource with the All service can be used in policies for both features.
3. Click the Add table button. The new resource is added to the List of Resources table.
To delete one or more network resources:

1. Select the check box to the left of each network resource that you want to delete, or click the Select All table button to select all network resources.
2. Click the Delete table button.
Edit Network Resources to Specify Addresses

To edit network resources:

1. Select VPN > SSL VPN > Resources. The Resources screen displays (see the previous figure, which shows some examples).
2. In the List of Resources table, to the right of the new resource in the Action column, click the Edit table button. A new screen that lets you edit the resource displays the IPv4 settings. (The following figure shows some examples.)
3. Specify the IP version for which you want to add resource addresses:
   • IPv4. In the upper right of the screen, the IPv4 radio button is already selected by default. Go to Step 4.
   • IPv6. Select the IPv6 radio button. The screen that lets you edit the resource displays the IPv6 settings. Except for the Mask Length field, which is Prefix Length on the screen for IPv6, this screen is identical to the screen for IPv4 (see the next figure, which shows some examples).
Figure 190.
4. Complete the settings as described in the following table:

Table 73. Resources screen settings to edit a resource

Add Resource Addresses

Resource Name
    The unique identifier for the resource. You cannot modify the resource name after you have created it on the first Resources screen.

Service
    The SSL service that is assigned to the resource. You cannot modify the service after you have assigned it to the resource on the first Resources screen.

Object Type
    From the drop-down list, select one of the following options:
    • IP Address. The object is an IPv4 or IPv6 address. You need to enter the IP address or the FQDN in the IP Address / Name field.
    • IP Network. The object is an IPv4 or IPv6 network. You need to enter the network IP address in the Network Address field and the network mask length (for IPv4) or prefix length (for IPv6) in the Mask Length field.

IP Address / Name
    Applicable only when you select IP Address as the object type. Enter the IP address or FQDN for the location that is permitted to use this resource.

Network Address
    Applicable only when you select IP Network as the object type. Enter the network IP address for the locations that are permitted to use this resource. You also need to enter the mask length (IPv4 only) or prefix length (IPv6 only):
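The following Python script is an added example, not the firewall's own code; it models the resource objects described in Table 73 so that the rules can be checked outside the GUI. A resource has a name and a service (VPN Tunnel, Port Forwarding or All) that are fixed once created, and its addresses are objects of type IP Address (an IPv4 or IPv6 address, or an FQDN) or IP Network (a network address plus mask length or prefix length). The function resource_covers() answers the question a policy needs answered: does a given destination fall inside a resource for a given service? How the firewall itself resolves FQDN objects is not described on this page, so the example matches FQDN objects by name only and does not resolve names; that, and all resource names and addresses used, are this example's own assumptions and constructed sample values.

```python
"""Model the network resource objects of Table 73 and test membership.

Added example, not the firewall's code. FQDN objects are matched by exact
(case-insensitive) name; no DNS resolution is attempted. Names and addresses
in the usage at the bottom are constructed sample values.
"""
import ipaddress
import re
from dataclasses import dataclass, field
from typing import List, Optional

SERVICES = ("VPN Tunnel", "Port Forwarding", "All")
# Hostname labels per RFC 1123 with at least one dot and an alphabetic TLD.
_FQDN = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)


@dataclass
class ResourceObject:
    kind: str                           # "IP Address" or "IP Network"
    value: str                          # IP address, FQDN, or network address
    mask_length: Optional[int] = None   # only for IP Network objects


@dataclass
class Resource:
    name: str
    service: str
    objects: List[ResourceObject] = field(default_factory=list)


def make_object(kind: str, value: str, mask_length: Optional[int] = None) -> ResourceObject:
    """Validate one entry of the edit screen before it is added."""
    if kind == "IP Address":
        if mask_length is not None:
            raise ValueError("IP Address objects take no mask length")
        try:
            ipaddress.ip_address(value)
        except ValueError:
            if not _FQDN.match(value):
                raise ValueError(f"{value!r} is neither an IP address nor an FQDN")
        return ResourceObject(kind, value)
    if kind == "IP Network":
        if mask_length is None:
            raise ValueError("IP Network objects need a mask length or prefix length")
        # strict=True rejects a network address that still has host bits set
        net = ipaddress.ip_network(f"{value}/{mask_length}", strict=True)
        return ResourceObject(kind, str(net.network_address), net.prefixlen)
    raise ValueError(f"unknown object type {kind!r}")


def add_resource(resources: List[Resource], name: str, service: str) -> Resource:
    """First Resources screen: the name is a unique identifier and the
    service is one of the three SSL services; neither changes afterwards."""
    if service not in SERVICES:
        raise ValueError(f"service must be one of {SERVICES}")
    if any(r.name == name for r in resources):
        raise ValueError(f"resource name {name!r} already exists")
    res = Resource(name, service)
    resources.append(res)
    return res


def resource_covers(res: Resource, destination: str, service: str) -> bool:
    """True if destination (IP literal or FQDN) lies inside res for service."""
    if res.service != "All" and res.service != service:
        return False
    try:
        dest_ip = ipaddress.ip_address(destination)
    except ValueError:
        dest_ip = None
    for obj in res.objects:
        if obj.kind == "IP Network":
            net = ipaddress.ip_network(f"{obj.value}/{obj.mask_length}")
            if dest_ip is not None and dest_ip in net:    # False across IP versions
                return True
        elif dest_ip is not None:
            try:
                if ipaddress.ip_address(obj.value) == dest_ip:
                    return True
            except ValueError:
                continue    # an FQDN object cannot match an IP literal
        elif obj.value.lower() == destination.lower():
            return True
    return False


if __name__ == "__main__":
    resources: List[Resource] = []
    intranet = add_resource(resources, "Intranet", "VPN Tunnel")
    intranet.objects.append(make_object("IP Network", "10.211.23.0", 24))
    intranet.objects.append(make_object("IP Address", "intranet.example.com"))
    print(resource_covers(intranet, "10.211.23.8", "VPN Tunnel"))       # True
    print(resource_covers(intranet, "10.211.23.8", "Port Forwarding"))  # False
```

The service check comes first: a resource created for VPN Tunnel never matches a port-forwarding request even when the address is inside it, which is why scoping a resource to one service rather than All limits what a policy built on it can reach.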