Configuring Internet access for VPN clients connecting to IAG

Applies To: Intelligent Application Gateway (IAG)

When remote virtual private network (VPN) clients connect to the corporate network through the Network Connector application of Whale Communications Intelligent Application Gateway (IAG) 2007, you can define how those clients access the Internet. You can specify that Internet requests from remote access VPN clients are routed through the client's original Internet connection, or you can route Internet requests through the corporate network gateway. You can also specify that client endpoints connecting to Network Connector cannot access the Internet.

Configuring Internet access for remote VPN clients

Configure an Internet access policy for remote VPN clients as follows:

To configure an Internet access policy

  1. In the IAG Configuration console, on the Admin menu, click Network Connector Server.

  2. In Network Connector Server, select the Access Control tab.

  3. In Internet Access, select one of the following:

    • Select Split Tunneling (Route Internet Traffic Through Original Client Connection) to specify that remote VPN clients should access the Internet through the Internet connection configured on the client endpoint.

    • Select Non-Split Tunneling (Route Internet Traffic Through the Corporate Gateway) to specify that remote VPN clients should access the Internet through the corporate Internet gateway. Select Disable Local Area Network Access to specify that client endpoints connected to Network Connector cannot access the local network on the client endpoint (for example, a home network). Note that when you select non-split tunneling, the settings on the Additional Networks tab do not apply, because all network traffic passes through the Network Connector tunnel. In this mode, if the client endpoint session ends unexpectedly, users are prompted to re-enable their Internet connection.

    • Select No Internet Access to specify that remote VPN clients cannot access the Internet. In this mode, client endpoints can only access networks defined in the Network Segment and Additional Networks tabs. Select Disable Local Area Network Access to specify that client endpoints connected to Network Connector cannot access the local network on the client endpoint (for example, a home network).

  4. In IP Spoofing Policy, select Disable Spoofed Traffic to specify that the Network Connector server should check and validate the source IP address of each packet arriving at the server and tunnel traffic only from connected Network Connector clients. Clear this setting to specify that other types of traffic should be tunneled.

  5. In Protocol Blockers, select any protocols that should be blocked. When a setting is enabled, all traffic using the protocol is blocked.
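To check that a client behaves the way the selected Internet Access option intends, the following added example (not IAG code or output) classifies a client route table by where Internet-bound and local-network traffic would leave the endpoint. The interface names `eth0` and `nc0`, all prefixes, and the assumption that each option shows up as the routes listed are constructed for illustration.

```python
import ipaddress

def egress(routes, dst):
    """Longest-prefix match: interface that would carry dst, or None."""
    addr, best = ipaddress.ip_address(dst), None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None

def classify(routes, tunnel_if, internet_probe="203.0.113.10"):
    """Name the Internet Access option the route table behaves like."""
    out = egress(routes, internet_probe)  # probe is a documentation address
    if out is None:
        return "no-internet"
    return "non-split" if out == tunnel_if else "split"

def lan_reachable(routes, tunnel_if, lan_host):
    """True if a host on the client's local network is still reached directly."""
    out = egress(routes, lan_host)
    return out is not None and out != tunnel_if

def audit(routes, tunnel_if, expected_mode, lan_allowed, lan_host):
    """Return findings where the client deviates from the configured policy."""
    findings = []
    mode = classify(routes, tunnel_if)
    if mode != expected_mode:
        findings.append(f"mode is {mode}, policy expects {expected_mode}")
    if lan_reachable(routes, tunnel_if, lan_host) and not lan_allowed:
        findings.append("local network reachable although LAN access is disabled")
    return findings

# Constructed route tables: (destination prefix, interface).
# eth0 = original client connection, nc0 = Network Connector tunnel (assumed names).
SPLIT = [("0.0.0.0/0", "eth0"), ("192.168.1.0/24", "eth0"), ("10.20.0.0/16", "nc0")]
NON_SPLIT = [("0.0.0.0/0", "nc0"), ("192.168.1.0/24", "eth0"), ("10.20.0.0/16", "nc0")]
NON_SPLIT_NO_LAN = [("0.0.0.0/0", "nc0"), ("10.20.0.0/16", "nc0")]
NO_INTERNET = [("192.168.1.0/24", "eth0"), ("10.20.0.0/16", "nc0")]

if __name__ == "__main__":
    for name, table in [("split", SPLIT), ("non-split", NON_SPLIT),
                        ("non-split, LAN disabled", NON_SPLIT_NO_LAN),
                        ("no Internet", NO_INTERNET)]:
        print(name, "->", classify(table, "nc0"),
              audit(table, "nc0", "non-split", False, "192.168.1.5"))
```

An empty findings list means the endpoint matches a policy of non-split tunneling with Disable Local Area Network Access selected; any other table is reported with the reason.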