Citrix Systems 9000 Series Switch User Manual


 
Configuring the SSL VPN Client
4-10 SSL VPN User’s Guide
ON: When you choose this option, Split Tunneling is enabled. The client
compares the destination IP address, or port, or application name of the
packets against the values configured by the SSL VPN administrator on the
gateway. If one of the values match, the packets are send to the remote
network via the SSL VPN tunnel. Else they are diverted to the local LAN.
OFF: When you choose this option, Split Tunneling is disabled and the cli-
ent sends all traffic to the remote network via the SSL VPN tunnel.
Reverse: When you choose this option, Reverse Split Tunneling is enabled.
The client compares the destination IP address, or port, or application
name of the packets against the values configured by the SSL VPN admin-
istrator on the gateway. If one of the values match, the client diverts the
packets to the local LAN and sends the others to the remote network via
the SSL VPN tunnel. This is the reverse of ON.
If Split Tunneling is disabled on the gateway, the corresponding controls on
the client are disabled and you will not be able to control it. As a result, all
traffic is routed through the SSL VPN tunnel. This is similar to disabling the
feature on the client.
The following section covers the procedure to configure split tunneling.
1. Right-click the agent in the Windows system tray and select
Configuration
from the short-cut menu. The Configuration dialog box is displayed as
shown in Figure 4-3.
If you are using the plug-in, click Configuration on the plug-in window. The
Configuration dialog box is displayed as shown in Figure 4-3.
2. Click the
Profile tab. The Profile pane is displayed. This pane displays all
the configuration details of the profile such as the IP address of the SSL
VPN gateway, the split tunneling setting, the build number of the system
software on the gateway, etc.
3. Click
Change Profile to modify the configuration details of the profile. The
Change Profile dialog box is displayed as shown in Figure 4-4.
4. In the Split Tunneling group box, select
OFF and click OK. The updated
configuration details of the profile are displayed.
When similar subnets (or computers with identical IP addresses) exist on both
the local LAN and the remote intranet, network conflicts can occur when split
tunneling is enabled. This can be avoided by configuring the client appropri-
ately. For details, refer section 4.2.4, “Managing Network Conflicts”.
4.2.2 Configuring Split DNS
You can configure the agent to route DNS lookups (Address records only) to
either local DNS servers or remote DNS servers. This setting is applicable only