NETGEAR SRX5308-100NAS Switch User Manual


 
Virtual Private Networking Using SSL Connections
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308
To add servers and host names for client name resolution:
1. Select VPN > SSL VPN > Port Forwarding. The Port Forwarding screen displays (see
Figure 182 on page 275).
2. In the Add New Host Name for Port Forwarding section of the screen, specify information in
the following fields:
• Local Server IP Address. The IP address of an internal server or host computer that
you want to name.
• Fully Qualified Domain Name. The full server name.
Note: If the server or host computer that you want to name does not
display in the List of Configured Applications for Port Forwarding
table, you need to add it before you can rename it.
3. Click the Add table button. The new application entry is added to the List of Configured Host
Names for Port Forwarding table.
To delete a name from the List of Configured Host Names for Port Forwarding table:
1. Select the check box to the left of the name that you want to delete.
2. Click the Delete table button in the Action column.
Configure the SSL VPN Client
Configure the Client IP Address Range
Add Routes for VPN Tunnel Clients
The SSL VPN client on the VPN firewall assigns IP addresses to remote VPN tunnel clients.
Because the VPN tunnel connection is a point-to-point connection, you can assign IP
addresses from the local subnet to the remote VPN tunnel clients.
The following are some additional considerations:
• So that the virtual (PPP) interface address of a VPN tunnel client does not conflict with
addresses on the local network, configure an IP address range that does not directly
overlap with addresses on your local network. For example, if 192.168.1.1 through
192.168.1.100 are assigned to devices on the local network, then start the client address
range at 192.168.1.101, or choose an entirely different subnet altogether.
• The VPN tunnel client cannot contact a server on the local network if the VPN tunnel
client’s Ethernet interface shares the same IP address as the server or the VPN firewall.
(For example, if your computer has a network interface IP address of 10.0.0.45, then you
cannot contact a server on the remote network that also has the IP address 10.0.0.45.)
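
The two considerations above can be checked before a client address range is entered on the VPN firewall. The following Python script is an added example, not part of the NETGEAR manual; the end of the client range (192.168.1.150) and the host names are constructed sample values.

```python
import ipaddress

def range_overlap(client_first, client_last, lan_first, lan_last):
    """Return (first, last) of the addresses present in both inclusive
    ranges, or None when the ranges do not overlap."""
    c1, c2 = ipaddress.IPv4Address(client_first), ipaddress.IPv4Address(client_last)
    l1, l2 = ipaddress.IPv4Address(lan_first), ipaddress.IPv4Address(lan_last)
    if c1 > c2 or l1 > l2:
        raise ValueError("range start must not be above range end")
    lo, hi = max(c1, l1), min(c2, l2)
    return (str(lo), str(hi)) if lo <= hi else None

def nic_conflicts(client_nic_ip, remote_hosts):
    """Return the names of remote hosts (servers, the VPN firewall) whose
    address equals the client's own Ethernet interface address; the client
    cannot reach those hosts through the tunnel."""
    nic = ipaddress.IPv4Address(client_nic_ip)
    return sorted(name for name, addr in remote_hosts.items()
                  if ipaddress.IPv4Address(addr) == nic)

def review(client_first, client_last, lan_first, lan_last,
           client_nic_ip, remote_hosts):
    """Collect human-readable findings for both considerations."""
    findings = []
    shared = range_overlap(client_first, client_last, lan_first, lan_last)
    if shared:
        findings.append(
            f"client range overlaps local addresses {shared[0]}-{shared[1]}")
    for name in nic_conflicts(client_nic_ip, remote_hosts):
        findings.append(
            f"client interface {client_nic_ip} duplicates {name}; "
            "that host is unreachable from this client")
    return findings

if __name__ == "__main__":
    # Constructed sample inventory of the remote (office) network.
    hosts = {"fileserver": "10.0.0.45", "vpn-firewall": "10.0.0.1"}
    # Local devices use .1-.100 (the manual's example); pool starts at .101.
    for line in review("192.168.1.101", "192.168.1.150",
                       "192.168.1.1", "192.168.1.100",
                       "10.0.0.45", hosts) or ["no conflicts found"]:
        print(line)
```
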