Netgear SSL312; ISA 2000 and SecureNAT Remote Laptops

I have been using the Netgear SSL312 VPN Concentrator to provide a Remote Access Service on my Small Business Server Network.

This has been largely successful, but I had the nagging problem of remote users being unable to surf the web whilst the VPN client was loaded – all they could "see" was the internal network.

On my system, all Remote Laptops are “SecureNAT Clients” (they do not have the ISA Firewall Client software loaded). SecureNAT clients are unable to send authentication information to ISA, so I decided to try adding a new “Open Access” Site & Content Rule within ISA purely for SSL312 VPN Clients. Fortunately, it worked!

Here is what I did…

Firstly, add a new Client Address Set (called “SSL312 VPN Clients”) to cover the range of IP Addresses issued by the SSL312. In our case, the range is 192.9.200.200 => 192.9.200.220.

Client Address Set

Then add a Site & Content Rule (called “Allow All SSL312 Internet Access”) to allow “free” access to the internet for all of the above clients.

Site & Content Rule

© Stephen Holder
08 January 2008

Advertisements

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s