This topic describes the Forefront Unified Access Gateway (UAG) SSL Network Tunneling component, which allows you to create remote client VPN connections to the internal corporate network.
The SSL Network Tunneling component provides the following features:
- Auto-detection and manual tuning of corporate network settings, such as DNS, WINS, default gateway, and domain name, including support for computers with multiple connections.
- Support for all types of IP-based unicast traffic, in any direction: client to server, server to client, and client to client.
- Two IP provisioning methods.
- Internet access configuration, including split tunneling, non-split tunneling, and no tunneling.
- Protocol filters for IP-based protocols.
- Access to additional networks.
After configuring an SSL Network Tunneling server, you can allow remote VPN access to internal networks by publishing the SSL Network Tunneling application in a portal. The type of network tunneling that is used (Network Connector or SSTP) is determined when client endpoints access your site.
About remote user interaction
Remote VPN clients connecting to the internal network using SSL Network Tunneling are treated as if they are part of the corporate network, with full connectivity over a virtual and secure transparent connection. Depending on the SSL Network Tunneling server configuration, remote VPN clients can:
- Communicate with all the computers in the network; for example, the system administrator can connect to remote VPN client endpoints to install software updates, configure existing applications, or help users to troubleshoot their systems.
- Access corporate servers and systems such as mail, FTP servers, databases, and voice over IP applications.
- Communicate with other remote VPN clients connected with SSL Network Tunneling.
Remote users can launch the SSL Network Tunneling client using the SSL Network Tunneling application link on a portal homepage. After the application is launched, users are connected to the internal network. They can access and be accessed by other network computers. They can run additional internal applications, without having to launch the application from the portal homepage. User interaction with SSL Network Tunneling depends on the SSL Network Tunneling client component that is installed on their computer.
Note the following:
- Only one SSL Network Tunneling client can run on a client endpoint at a time.
- It is recommended that while SSL Network Tunneling is active, users do not access other Forefront UAG portal sites or close the Web browser.