If your corporate network uses
10.1.0.0/255.255.0.0 as its corporate IP address space, you may decide to dedicate
10.1.254.2-10.1.254.254 as the corporate address pool for use by the Network
Connector SSL VPN. For a private address pool, you may choose to use 192.168.254.2-
192.168.254.254. If you specify corporate addresses, you will need to exclude these
addresses from your corporate Dynamic Host Confi guration Protocol (DHCP) server;
otherwise, you could cause IP confl icts. If you select Private IP addresses you will also
need to ensure that the address pools specifi ed are properly routed through your network
gateway to the IAG server and properly confi gured in your corporate fi rewalls. With both
corporate and private addresses, the DHCP service needs to be installed and running on
the IAG server in order to assign IP addresses to remote clients (see Figure 10.3).
Figure 10.3 Assigning Corporate and Private IP Addresses
Configuring Virtual Private Network Traffic ??? Chapter 10 367
Access Control
The Access Control tab allows you to set the access restrictions that will apply to the
clients that are connected via the Network Connector. The Internet Access section
allows you to defi ne how a client will connect to the Internet. This can be either
Split Tunneling Mode, where Internet Traffi c bypasses the VPN, Non-Split Mode,
where Internet traffi c is routed through the corporate connection, or No Internet
Access, where the client allows access to only resources defi ned on the Network
Connector server (see Figure 10.
Pages:
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363