Allowing SSL VPN Clients to Access the Internet
Enabling Client Internet Access automatically creates advanced NAT rules that allow SSL VPN clients to access the Internet over SSL VPN tunnels. This section provides an example of manually configuring advanced NAT rules to allow SSL VPN clients to access the Internet over SSL VPN tunnels.
1. Assume that you have enabled the SSL VPN feature and configured the gateway settings as follows.
Field | Setting
Gateway Interface | WAN1
Gateway Port | 443
Certificate File | default
Client Address Pool | 192.168.200.0
Client Netmask | 255.255.255.0
2. If only a single WAN interface is configured, go to the Firewall > NAT > Advanced NAT page to create an advanced NAT rule as follows.
Field | Setting
Name | SSLVPN_to_WAN1
Enable | On
From | Any
To | WAN1
Original Source Address | SSLVPN_ADDRESS_POOL
Original Destination Address | Any
Original Services | Any
Translated Source Address | WAN1_IP
Translated Destination Address | Any
Translated Services | Any
3. If two WAN interfaces are configured and WAN redundancy is set to Load Balancing mode, go to the Firewall > NAT > Advanced NAT page to create two advanced NAT rules as follows.
Field | Setting
Name | SSLVPN_to_WAN1
Enable | On
From | Any
To | WAN1
Original Source Address | SSLVPN_ADDRESS_POOL
Original Destination Address | Any
Original Services | Any
Translated Source Address | WAN1_IP
Translated Destination Address | Any
Translated Services | Any

Field | Setting
Name | SSLVPN_to_WAN2
Enable | On
From | Any
To | WAN2
Original Source Address | SSLVPN_ADDRESS_POOL
Original Destination Address | Any
Original Services | Any
Translated Source Address | WAN2_IP
Translated Destination Address | Any
Translated Services | Any
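
When the rules are created by hand, each WAN interface that can carry SSL VPN client traffic needs its own enabled rule that translates SSLVPN_ADDRESS_POOL to that interface's address. The following is an added example, not code from the device or its vendor, that audits a rule list for that coverage; the dict layout and the names rule and audit_sslvpn_nat are assumptions, while the field names and values come from the tables above.

```python
# Added example, not vendor code: audit an Advanced NAT rule list for SSL VPN coverage.
# The dict layout and helper names are hypothetical; keys follow the tables above.
POOL = "SSLVPN_ADDRESS_POOL"

def rule(name, to, translated_source, enable="On"):
    """Build one rule with the fields used in the tables above."""
    return {
        "Name": name, "Enable": enable, "From": "Any", "To": to,
        "Original Source Address": POOL,
        "Original Destination Address": "Any", "Original Services": "Any",
        "Translated Source Address": translated_source,
        "Translated Destination Address": "Any", "Translated Services": "Any",
    }

def audit_sslvpn_nat(rules, wan_interfaces):
    """Return findings; an empty list means every WAN translates the pool."""
    findings = []
    for wan in wan_interfaces:
        candidates = [r for r in rules
                      if r["To"] == wan and r["Original Source Address"] == POOL]
        enabled = [r for r in candidates if r["Enable"] == "On"]
        expected = f"{wan}_IP"  # address object naming as in the tables
        if any(r["Translated Source Address"] == expected for r in enabled):
            continue
        if not candidates:
            findings.append(f"{wan}: no rule translates {POOL}")
        elif not enabled:
            names = ", ".join(r["Name"] for r in candidates)
            findings.append(f"{wan}: rule disabled ({names})")
        else:
            names = ", ".join(r["Name"] for r in enabled)
            findings.append(f"{wan}: translated source is not {expected} ({names})")
    return findings

# Constructed sample rule sets.
BOTH_WANS = [rule("SSLVPN_to_WAN1", "WAN1", "WAN1_IP"),
             rule("SSLVPN_to_WAN2", "WAN2", "WAN2_IP")]
WAN1_ONLY = BOTH_WANS[:1]

if __name__ == "__main__":
    for label, rules in (("both rules", BOTH_WANS), ("WAN1 rule only", WAN1_ONLY)):
        print(label, audit_sslvpn_nat(rules, ["WAN1", "WAN2"]) or "OK")
```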