Virtual Private Networking Using SSL Connections
280
ProSafe Gigabit Quad WAN SSL VPN Firewall SRX5308
4. Click Apply to save your settings. VPN tunnel clients are now able to connect to the VPN
firewall and receive a virtual IP address in the client address range.
Add Routes for VPN Tunnel Clients
The VPN tunnel clients assume that the following networks are located across the
VPN-over-SSL tunnel:
• The subnet that cont
ains the client IP address (that is, PPP interface), as determined by
the class of the address (Class A, B, or C).
• Subnet
s that are specified in the Configured Client Routes table on the SSL VPN Client
screen.
If the assigned client IP address range is in a dif
ferent subnet from the local network, or if the
local network has multiple subnets, or if you select split-tunnel operation, you need to define
client routes.
To add an SSL VPN tunnel client route:
1. Select VPN > SSL VPN
> SSL VPN Client. The SSL VPN Client screen for IPv4
displays (see Figure 183 on p
age 278).
2. S
pecify the IP version for which you want to add a route:
• IPv4. In
the upper right of the screen, the IPv4 radio button is already selected by
default. Go to Step 3.
• IPv6. Select
the IPv6 radio button. The SSL VPN Client screen displays the IPv6
settings (see Figure 184 on p
age 279).
3. In
the Add Routes for VPN Tunnel Clients section of the screen, specify information in the
following fields:
• Destinati
on Network. The destination network IPv4 or IPv6 address of a local
network or subnet. For example, for an IPv4 route, enter 10.211.23.8.
• Subnet Mask /
Prefix Length. For an IPv4 route, the address of the appropriate
subnet mask; for an IPv6 route, the prefix length.
4. Click the Add t
able button. The new client route is added to the Configured Client Routes
table.
IPv4 screen only
(continued)
Client Address
Rang
e End
The last IP address of the IPv4 address range that you
want to assign to the VPN tunnel clients. By default, the
last IPv4 address is 192.168.251.254.
IPv6 screen only
Client IPv6
Ad
dress Range
Begin
The first IP address of the IPv6 address range that you
want to assign to the VPN tunnel clients. By default, the
first IPv6 address is 4000::1.
Client IPv6
Ad
dress Range
End
The last IP address of the IPv6 address range that you
want to assign to the VPN tunnel clients. By default, the
last IPv6 address is 4000::200.
Table 71. SSL VPN Client screen settings for IPv4 and IPv6 (continued)
Setting Description