I have been using the Netgear SSL312 VPN Concentrator to provide a Remote Access Service on my Small Business Server Network.
This has been largely successful, but I had the nagging problem of remote users being unable to surf the web whilst the VPN client was loaded – all they could "see" was the internal network.
On my system, all Remote Laptops are “SecureNAT Clients” (they do not have the ISA Firewall Client software loaded). SecureNAT clients are unable to send authentication information to ISA, so I decided to try adding a new “Open Access” Site & Content Rule within ISA purely for SSL312 VPN Clients. Fortunately, it worked!
Here is what I did…
Firstly, add a new Client Address Set (called “SSL312 VPN Clients”) to cover the range of IP Addresses issued by the SSL312. In our case, the range is 220.127.116.11 => 18.104.22.168.
Then add a Site & Content Rule (called “Allow All SSL312 Internet Access”) to allow “free” access to the internet for all of the above clients.
© Stephen Holder
08 January 2008