Secure Computing SafeNet Network Router User Manual


 
Understanding Sidewinder client address pools
Planning Your VPN Configuration 2-9
You may choose to implement your VPN using Sidewinder client
address pools. Client address pools are reserved virtual IP addresses,
recognized as internal addresses of the trusted network. Addresses in
this pool are configured on Sidewinder and assigned (or "pushed") to
a VPN client (per VPN configuration) when the VPN connection is
started. Client traffic within the protected network appears to come
from the virtual IP address pool. Only Sidewinder knows the client's
real IP address.
Figure 2-6. VPN association implemented using client address pool
One of the reasons for using client address pools is that they simplify
the management of VPN clients. They allow the firewall to manage
certain configuration details on behalf of the client. This enables a
remote client to initiate a VPN connection even if the client has not
preconfigured itself for the connection.
When using a client address pool, all the Soft-PK client needs to initiate
a VPN connection is:
Authentication information (e.g. a password or certificate)
[Figure 2-6 diagram labels: Internet; Internet burb; Virtual burb; Proxies; Trusted burb; Sidewinder; Internal network; VPN clients A, Y and Z.]

Client address pool: 10.1.1.1, 10.1.1.2 (reserved for Client Y), 10.1.1.3, 10.1.1.254

Virtual IP address mappings using this client address pool:

VPN Client    Virtual IP Address
A             Next available within the pool
Y             10.1.1.2
Z             Next available within the pool
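
The assignment behaviour described above and shown in Figure 2-6, as an added Python model (not from the manual and not Sidewinder's implementation): a reserved client always receives its fixed address, other clients receive the next available one, and only the firewall-side table maps a virtual IP back to the client's real IP. The class and method names, the clients' real IP addresses, and the reading of "next available" as the lowest free address are assumptions.

```python
import ipaddress


class ClientAddressPool:
    """Toy model of a firewall-side client address pool (hypothetical, not Sidewinder code)."""

    def __init__(self, first, last, reservations=None):
        lo, hi = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
        if lo > hi:
            raise ValueError("pool range is empty")
        self._addrs = [ipaddress.IPv4Address(n) for n in range(int(lo), int(hi) + 1)]
        # client name -> fixed virtual IP (e.g. Client Y in Figure 2-6)
        self._reserved = {c: ipaddress.IPv4Address(ip) for c, ip in (reservations or {}).items()}
        fixed = list(self._reserved.values())
        if len(set(fixed)) != len(fixed) or any(not lo <= ip <= hi for ip in fixed):
            raise ValueError("reservations must be unique and inside the pool")
        self._leases = {}  # virtual IP -> (client name, real IP); known only to the firewall

    def connect(self, client, real_ip):
        """Assign ("push") a virtual IP when the client's VPN connection starts."""
        real = ipaddress.ip_address(real_ip)  # rejects malformed input
        self.disconnect(client)               # a reconnect replaces any stale lease
        vip = self._reserved.get(client)
        if vip is None:
            held = set(self._reserved.values())
            # next available: lowest address neither reserved nor currently leased
            vip = next((a for a in self._addrs if a not in held and a not in self._leases), None)
            if vip is None:
                raise RuntimeError("client address pool exhausted")
        self._leases[vip] = (client, str(real))
        return str(vip)

    def disconnect(self, client):
        """Release the client's lease so the address returns to the pool."""
        for vip, (name, _) in list(self._leases.items()):
            if name == client:
                del self._leases[vip]

    def real_address(self, virtual_ip):
        """Map a virtual IP seen in internal logs back to (client, real IP), or None."""
        return self._leases.get(ipaddress.IPv4Address(virtual_ip))


# Constructed sample data: pool and reservation from Figure 2-6, real IPs from documentation ranges.
pool = ClientAddressPool("10.1.1.1", "10.1.1.254", {"Y": "10.1.1.2"})
assigned = {c: pool.connect(c, ip) for c, ip in
            [("A", "198.51.100.7"), ("Y", "203.0.113.20"), ("Z", "192.0.2.44")]}
```

Because hosts on the internal network see only the virtual address, attributing internal log entries to a remote user depends on a lookup like `real_address` being retained on the firewall side.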