Owner's Manual
NETGEAR ProSafe SSL VPN Concentrator 25 SSL312 Reference Manual
6-4 Configuring the SSL VPN Tunnel Client and Port Forwarding
v2.1, November 2008
In the Client IP Address Range section of the screen, you can define the IP address range to
assign to incoming VPN Tunnel clients. The default range begins with 192.168.251.1 and ends
with 192.168.251.254.
2. In the Client Address Range Begin field, enter the first IP address of the IP address range.
3. In the Client Address Range End field, enter the last IP address of the IP address range.
4. Select one of the following:
• Enter the Network Subnet to enable Split Tunnel Mode (point-to-point). If you choose a
different subnet for the VPN Tunnel client range than the subnet used by the corporate
network, then you must:
a. Add a client route to configure the VPN Tunnel client to connect to the corporate
network using the VPN tunnel.
b. Create a static route on the corporate network firewall to forward traffic intended for
the VPN clients to the SSL VPN gateway.
• Select the Enable Full Tunnel Support check box to enable Full Tunnel mode. The VPN
client will install an 0.0.0.0 route on the client machines that will forward all traffic to the
SSL Concentrator.
5. Click Apply to update the configuration.
6. Restart the SSL VPN Concentrator software if any VPN Tunnel Clients are actively
connected. Restarting will force the clients to obtain a new virtual IP address.
VPN Tunnel Clients are now able to connect to the SSL VPN Concentrator and receive a
dynamic IP address in the client address range.
.
Adding Routes for VPN Tunnel Clients
The VPN Tunnel Clients assume that the following networks are located across the VPN over SSL
tunnel:
• The subnet containing the client IP address (PPP interface), as determined by the class of the
address (Class A, B, or C).
• Subnets specified in the Configured Client Routes table.
Note: Be sure to configure DNS addresses in the Network menu.