Citrix Systems 9000 Series Switch User Manual


 
SSL VPN User’s Guide 6-1
Chapter 6
FAQs
Why does the SSL VPN need a Windows account with administrative
privileges?
The SSL VPN browser plug-in inserts a new layer between the application and
Windows Kernel. This operation requires administrative privilege in a Windows
account.
Why does SSL VPN not work with MS Windows 9x?
The MS Windows 9x operating system does not support encryption/ decryption
for SSL/SSPI, which is required for SSL VPN. If the plug-in identifies that the
encryption library is not installed, it will display an error message page. Click
the hyperlink "Click Me" in the error message page to install the required
encryption library (dsclient.exe). Please follow the instructions provided by the
software to install the encryption library and reboot the machine after the
installation. The dsclient.exe encryption library is provided by Microsoft.
Does SSL VPN use a client side IP address?
Unlike the traditional IPSec VPN, the SSL VPN does not set an IP address on
the client machine. The plug-in uses the client machine's original IP address to
connect to the SSL VPN Web site. This depends on the configuration of the
system. If the USIP (use source IP) is enabled, the server will see the client IP
address. Otherwise the server will not see the client IP address.
How does the SSL VPN browser plug-in make routing decisions?
The SSL VPN server forwards the configured static routing entries in the sys-
tem to the remote user's plug-in. The plug-in then intercepts and tunnels all
the connections to the SSL VPN server. These connections are tunneled to the
SSL VPN server only if the destination IP matches with the downloaded routing
entries/subnet. If the match is not found, then the connections are not tun-
neled and are routed to the remote client machine's default router.
When is configured for split tunnel OFF, all traffic will be tunneled into the sys-
tem.