About the SSL Network Tunneling component

Published: January 11, 2010

Updated: February 15, 2013

Applies To: Unified Access Gateway

Some of the Forefront Unified Access Gateway 2010 SP3 features discussed in this article may be deprecated and may be removed in subsequent releases. For a complete list of deprecated features, see Features Deprecated in Forefront UAG SP3.

This topic describes the Forefront Unified Access Gateway (UAG) SSL Network Tunneling component, which allows you to create remote client VPN connections to the internal corporate network.

The SSL Network Tunneling component provides the following features:

  • Auto-detection and manual tuning of corporate network settings, such as DNS, WINS, default gateway, and domain name, with support for computers with multiple connections.

  • Support for all types of IP-based unicast traffic, in any direction: client to server, server to client, and client to client.

  • Two IP provisioning methods.

  • Internet access configuration, including split tunneling, non-split tunneling, and no tunneling.

  • Protocol filters for IP-based protocols.

  • Access to additional networks.

After configuring an SSL Network Tunneling server, you can allow remote VPN access to internal networks by publishing the SSL Network Tunneling application in a portal. The type of network tunneling that is used (Network Connector or SSTP) is determined when client endpoints access your site.

About remote user interaction

Remote VPN clients connecting to the internal network using SSL Network Tunneling are treated as if they are part of the corporate network, with full connectivity over a virtual and secure transparent connection. Depending on the SSL Network Tunneling server configuration, remote VPN clients can:

  • Communicate with all the computers in the network; for example, the system administrator can connect to remote VPN client endpoints to install software updates, configure existing applications, or help users to troubleshoot their systems.

  • Access corporate servers and systems such as mail, FTP servers, databases, and voice over IP applications.

  • Communicate with other remote VPN clients connected with SSL Network Tunneling.

Remote users can launch the SSL Network Tunneling client using the SSL Network Tunneling application link on a portal homepage. After the application is launched, users are connected to the internal network. They can access and be accessed by other network computers. They can run additional internal applications, without having to launch the application from the portal homepage. User interaction with SSL Network Tunneling depends on the SSL Network Tunneling client component that is installed on their computer.

Note the following:

  • Only one SSL Network Tunneling client can run on a client endpoint at a time.

  • It is recommended that, while SSL Network Tunneling is active, users neither access other Forefront UAG portal sites nor close the Web browser.