Adding networks for VPN client access to IAG
Applies To: Intelligent Application Gateway (IAG)
When configuring the Whale Communications Intelligent Application Gateway (IAG) 2007 Network Connector application, you define additional network destinations that are available to remote virtual private network (VPN) clients connecting to Network Connector. This is useful if your corporate network has more than one IP address subnet and you want to allow remote VPN client access to some or all subnets of your internal network.
Note
In IAG Service Pack 2 you can define up to 200 additional networks. This change was first introduced in IAG Service Pack 1, Update 5. Prior to this update, Network Connector supported seven additional networks.
Configuring additional VPN networks
Configure additional VPN networks as follows:
To configure additional networks
1. In the IAG Configuration console, on the Admin menu, click Network Connector Server.
2. In Network Connector Server, select the Additional Networks tab.
3. Select Enable Access to the Following Additional Networks, and then click Add.
4. In the Add Network dialog box, specify the IP addresses and mask for the network. Ensure that the IP address and mask are valid and do not overlap with other defined networks.
5. Specify how IP address conflicts should be handled. Select one of the following:
   - To make the connection attempt fail when there is a conflict, so that the remote VPN client is not connected to Network Connector, select Fail.
   - To let the client endpoint choose whether to fail the attempted connection or to skip the conflicting network and connect to other networks using Network Connector, select Prompt.
   - To skip the conflicting network connection and have the client endpoint connect to other non-conflicting networks using Network Connector, select Skip.
6. Repeat the steps for each additional network you want to define.
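The following Python example is added here and is not part of IAG or the original page. It pre-checks a planned list of additional networks for the validity and overlap conditions in the Add Network step, and models the Fail, Prompt and Skip choices for one client. The sample plan, the function names, and the reading of a conflict as an overlap with a subnet the client is attached to locally are assumptions.

```python
import ipaddress

MAX_NETWORKS = 200  # limit this page gives for IAG SP2 (seven before SP1 Update 5)

def check_additional_networks(entries):
    """entries: (address, mask, policy) tuples as planned for the Add Network dialog.
    Returns (accepted, problems); accepted holds (IPv4Network, policy) pairs."""
    accepted, problems = [], []
    for address, mask, policy in entries:
        try:
            # strict=True rejects host bits set under the mask; ipaddress itself
            # rejects malformed addresses and non-contiguous masks.
            net = ipaddress.IPv4Network(f"{address}/{mask}", strict=True)
        except ValueError as exc:
            problems.append(f"invalid {address} {mask}: {exc}")
            continue
        clashes = [str(other) for other, _ in accepted if net.overlaps(other)]
        if clashes:
            problems.append(f"{net} overlaps {', '.join(clashes)}")
            continue
        accepted.append((net, policy))
    if len(accepted) > MAX_NETWORKS:
        problems.append(f"{len(accepted)} networks exceeds the limit of {MAX_NETWORKS}")
    return accepted, problems

def conflict_outcome(accepted, client_subnets):
    """Model Fail / Prompt / Skip for one client. Assumption: a conflict means the
    additional network overlaps a subnet the client is attached to locally."""
    local = [ipaddress.IPv4Network(s) for s in client_subnets]
    routed, ask = [], []
    for net, policy in accepted:
        if not any(net.overlaps(sub) for sub in local):
            routed.append(str(net))
        elif policy == "Fail":
            return "fail", [], [str(net)]       # whole connection attempt fails
        elif policy == "Prompt":
            ask.append(str(net))                # client decides: fail or skip
        # policy == "Skip": drop this network, keep the others
    return ("prompt" if ask else "connect"), routed, ask

# Constructed sample plan (not from the page)
PLAN = [
    ("10.10.0.0", "255.255.0.0", "Fail"),
    ("10.10.20.0", "255.255.255.0", "Skip"),    # inside 10.10.0.0/16 -> overlap
    ("192.168.1.0", "255.255.255.0", "Skip"),
    ("172.16.5.1", "255.255.255.0", "Prompt"),  # host bits set -> invalid
    ("172.16.8.0", "255.255.252.0", "Prompt"),
]
```

Running check_additional_networks(PLAN) before opening the console shows which entries the dialog's validity and overlap requirement would rule out, and conflict_outcome shows what a client on a given home subnet would experience with the chosen settings.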
Notes
Settings on the Additional Networks tab are not used if the Internet access level defined on the Access Control tab is set to Non-Split Tunneling. In this mode, all network traffic is tunneled over the Network Connector VPN connection.
When the Internet access levels defined on the Access Control tab are set to Split Tunneling or No Internet Access, the corporate network must be defined as an additional network. Otherwise, remote VPN clients can access only VPN clients and not the corporate network.