Virtual Private Networking Using SSL Connections
278
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308
• Select whether you want to enable full-tunnel or split-tunnel support based on your
bandwidth:
- A full tunn
el sends all of the client’s traffic across the VPN tunnel.
- A split tu
nnel sends only traffic that is destined for the local network based on the
specified client routes. All other traffic is sent to the Internet. A split tunnel allows you
to manage bandwidth by reserving the VPN tunnel for local traffic only.
• If you ena
ble split-tunnel support and you assign an entirely different subnet to the VPN
tunnel clients from the subnet that is used by the local network, you need to add a client
route to ensure that a VPN tunnel client connects to the local network over the VPN
tunnel.
Configure the Client IP Address Range
First determine the address range to be assigned to VPN tunnel clients, and then define the
address range.
To define the client IP address range:
1. Select VPN > SSL VPN
> SSL VPN Client. The SSL VPN Client screen displays the
IPv4 settings (the following screen shows some examples).
2. S
pecify the IP version for which you want to configure the SSL VPN client:
• IPv4. In
the upper right of the screen, the IPv4 radio button is already selected by
default. Go to Step 3.
Figure 183. SSL VPN Client screen for IPv4
• IPv6. Select the IPv6 radio button. The SSL VPN Client screen displays the IPv6
settings (the following screen shows some examples).