Configuring the SSL VPN Client
SSL VPN User’s Guide 4-11
when Split Tunneling is enabled. This setting has three options: Local, Remote,
and Both.
• Local: When you choose the Local option, all DNS lookups are sent to the
DNS server on your local LAN. If you are connected to the Internet, the
lookups are sent to your ISP’s DNS server.
• Remote: When you choose the Remote option, all DNS lookups are sent to
the remote DNS server via the SSL VPN tunnel.
• Both: Finally, when you choose Both, the lookups are sent to both the local
and remote DNS servers simultaneously. This could result in domain name
conflicts. Such conflicts can be resolved by using the settings described in
4.2.3, “Managing Domain Conflicts”.
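The three options above can be modeled as follows. This is an added example, not code from the SSL VPN client or this guide: the two DNS tables, host names and addresses are constructed, and the function names are hypothetical. It shows which server receives each lookup, which names return different answers in Both mode, and which remote-only names are also seen by the local DNS server.

```python
# Added illustration: models the Local / Remote / Both lookup options.
# Zone data, host names and addresses are constructed (RFC 1918 private ranges).
LOCAL_DNS = {"abc.example": "192.168.1.10", "printer.home.example": "192.168.1.20"}
REMOTE_DNS = {"abc.example": "10.20.0.5", "wiki.corp.example": "10.20.0.8"}
TABLES = {"local": LOCAL_DNS, "remote": REMOTE_DNS}


def _key(name):
    """DNS names are case-insensitive; drop any trailing root dot."""
    return name.lower().rstrip(".")


def servers_queried(mode):
    """Return the DNS servers that receive a lookup under the given option."""
    choices = {"local": ["local"], "remote": ["remote"], "both": ["local", "remote"]}
    try:
        return choices[mode.lower()]
    except KeyError:
        raise ValueError(f"unknown DNS lookup option: {mode!r}") from None


def lookup(name, mode):
    """Send one lookup; return {server: answer or None} for each server asked."""
    return {srv: TABLES[srv].get(_key(name)) for srv in servers_queried(mode)}


def is_conflict(answers):
    """A conflict exists when more than one server answers and the answers differ."""
    return len({a for a in answers.values() if a is not None}) > 1


def conflict_candidates(names, mode="both"):
    """Names to review against the domain-conflict settings (section 4.2.3)."""
    return sorted(n for n in names if is_conflict(lookup(n, mode)))


def exposed_to_local(names, mode):
    """Remote-only names whose lookups are also seen by the local DNS server."""
    if "local" not in servers_queried(mode):
        return []
    return sorted(n for n in names
                  if _key(n) in REMOTE_DNS and _key(n) not in LOCAL_DNS)
```

How the client chooses between two conflicting answers is not modeled here; that is governed by the settings in section 4.2.3.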
The following procedure lists the steps to configure split DNS. In this example,
Split DNS is set to Both.
1. Right-click the agent in the Windows system tray and select Configuration
from the short-cut menu. The Configuration dialog box is displayed as
shown in Figure 4-3.
If you are using the plug-in, click Configuration on the plug-in window.
The Configuration dialog box is displayed as shown in Figure 4-3.
2. Click the Profile tab. The Profile pane is displayed. This pane displays all
the configuration details of the profile such as the IP address of the SSL
VPN gateway, the split tunneling setting, the build number of the system
software on the gateway, etc.
3. Click Change Profile to modify the configuration details of the profile. The
Change Profile dialog box is displayed as shown in Figure 4-4.
4. In the DNS/WINS Lookup group box, select Both and click OK. The
updated configuration details of the profile are displayed.
4.2.3 Managing Domain Conflicts
The previous section introduced Split DNS and explained the Both setting.
When Split DNS is configured in the Both mode, DNS lookups are sent
simultaneously to both the local and remote DNS servers. As a result, domain
name conflicts can occur if domains with the same name exist on both the
remote and local networks. This can be avoided by configuring the client with
the domain names that might potentially cause a conflict. This is illustrated
in the following example.
A remote private network has a domain named ABC.example. A client connecting
to this network also has a domain named ABC.example in its local
network. When you type http://ABC.example in the browser window, and Split
DNS is set to Both, the client performs a domain name lookup on both the