About VPN access to the internal network with IAG

Applies To: Intelligent Application Gateway (IAG)

You can configure remote client VPN connections to the internal corporate network using the Whale Communications Intelligent Application Gateway (IAG) 2007 Network Connector. Network Connector provides the following features:

  • Auto-detection and manual tuning of corporate network settings such as DNS, WINS, default gateway, and domain name, including support for computers with multiple connections.

  • Support for all types of IP-based unicast traffic, in any direction: client to server, server to client, and client to client.

  • Two IP provisioning methods.

  • Internet access configuration, including split tunneling, non-split tunneling, and none.

  • Protocol filters for IP-based protocols.

  • Access to additional networks.

For information about configuring a remote virtual private network (VPN) client connection by using Network Connector, see Configuring VPN connections to an IAG server.

After configuring a Network Connector server, you allow remote VPN access to internal networks by publishing Network Connector in a portal. For more information, see Publishing applications in an IAG portal.

About remote user interaction with the network connector

Remote VPN clients connecting to the internal network using Network Connector are treated as if they are part of the corporate network, with full connectivity over a virtual and secure transparent connection. Depending on the Network Connector server configuration, remote VPN clients can do the following:

  • Communicate with all the computers in the network. For example, the system administrator can connect to remote VPN client endpoints in order to install software updates, configure existing applications, or help users to troubleshoot their systems.

  • Access corporate servers and systems such as mail, FTP servers, databases, and voice over IP applications.

  • Communicate with other VPN remote clients connected with Network Connector.

Remote users launch the Network Connector client using the Network Connector application link on a portal homepage. After the application is launched, users are connected to the internal network. They can access and be accessed by other network computers. They can run additional internal applications, without having to launch the application from the portal homepage. User interaction with Network Connector depends on the IAG SSL Wrapper client component that is installed on their computer. Note the following:

  • Only one Network Connector client can run on a client endpoint at a time.

  • It is recommended that while Network Connector is active, users do not access other IAG portal sites.

  • For more information about the IAG SSL Wrapper, see About the IAG SSL Wrapper component.

Interaction on client endpoints running the SSL Wrapper ActiveX component

On client endpoints running the SSL Wrapper ActiveX client component, once the Network Connector client is running, the traffic of all non-Web applications that are launched thereafter is tunneled through the Network Connector. This includes the following:

  • SSL Wrapper applications that are launched from the portal homepage.

  • Internal applications, that is, applications that are part of the corporate network, which are launched directly, and not via the portal homepage. For example, users can launch Microsoft Office Outlook directly (without a link on the portal homepage) and connect to the corporate Microsoft Exchange server.

  • In addition, while remote VPN clients are connected with Network Connector, they can launch any Web application directly (not via the portal), including applications that are not defined as portal applications and applications that are not supported by IAG. Portal Web applications can still be launched from the portal as usual.

Note

Disconnecting the Network Connector client disconnects all the applications that are tunneled through it. It does not, however, disconnect applications that are not tunneled through the Network Connector.

When the Network Connector client is running in this setup, a Network Connector icon replaces the SSL Wrapper icon in the Windows System tray (to the right of the Windows taskbar). You can do the following using the Network Connector icon:

  • Hovering over the Network Connector icon displays the statistics of the traffic that is tunneled through the Network Connector.

  • Right-clicking the icon enables you to disconnect Network Connector.

  • Double-clicking the icon opens the Portal Activity window. When an application is tunneled using Network Connector, it is not listed in the Active Connections area. The connection of an SSL Wrapper application using the Network Connector is reported next to the application name, in the Launched Applications area. For a detailed description of the Portal Activity window, see the section "Portal Activity window" in About the IAG SSL Wrapper component.

About remote user interaction on client endpoints running the SSL Wrapper Java applet

On computers that run the SSL Wrapper Java applet, Network Connector behaves like any other SSL Wrapper application. When the Network Connector client is running, applications behave as follows:

  • Non-Web internal applications, that is, applications that are part of the corporate network, which are launched directly, and not via the portal homepage, are tunneled through Network Connector.

  • SSL Wrapper applications that are launched via the portal homepage are not tunneled through the Network Connector client in this setup.

  • In addition, while remote VPN clients are connected using Network Connector, they can launch any Web application directly (not via the portal), including applications that are not defined as portal applications and applications that are not supported by IAG. Web applications published by a portal can still be launched from the portal as usual.

  • Disconnecting the Network Connector client disconnects all the applications that are tunneled through it. It does not, however, disconnect applications that were not tunneled through Network Connector.