Quick Reference Guide

ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual

7-12 Virtual Private Networking Using SSL

v1.0, January 2010

3. Select Enable Full Tunnel Support unless you want split tunneling.

4. (Optional) Enter a DNS Suffix to be appended to incomplete DNS search strings.

5. Enter Primary and Secondary DNS Server IP addresses to be assigned to the VPN tunnel

clients.

6. In the Client Address Range Begin field, enter the first IP address of the IP address range.

7. In the Client Address Range End field, enter the last IP address of the IP address range.

8. Click Apply.

The “Operation succeeded” message appears at the top of the screen.

VPN tunnel clients are now able to connect to the VPN firewall and receive a virtual IP address in

the client address range.

Adding Routes for VPN Tunnel Clients

The VPN Tunnel Clients assume that the following networks are located across the VPN over the

SSL tunnel:

• The subnet containing the client IP address (PPP interface), as determined by the class of the

address (Class A, B, or C).

• Subnets specified in the Configured Client Routes table.

If the assigned client IP address range is in a different subnet than the corporate network, or the

corporate network has multiple subnets, you must define Client Routes.

To add an SSL VPN Tunnel client route, follow these steps:

1. Select VPN > SSL VPN from the main/submenu.

2. Select the SSL VPN Client tab. The SSL VPN Client screen is displayed (see Figure 7-5 on

page 7-11).

Note: In split tunneling, appropriate client routes must be added to allow traffic to be

directed through the VPN tunnel. In full tunneling, all traffic is forwarded

through the tunnel, including Internet traffic; client routes are not required.

Note: VPN client routs need to be added in split tunnel mode only.