Citrix

How to Configure Access Gateway Enterprise Edition Appliance Local LAN Access

  • CTX126953
  • Created onMar 26, 2014
  • Updated onMay 23, 2014
Article Topic Configuration

Objective

This article describes how to configure Access Gateway Enterprise Edition appliance LAN access.

The Access Gateway Enterprise Edition appliance has two features which allow a user to access LAN resources while connected to the SSL VPN when there is a requirement for all non-LAN traffic to be tunneled.

Instructions

To configure Access Gateway Enterprise Edition LAN access, use one of the following methods:

    Method 1: Configure “split-tunnel with the reverse option”

    With this method, all network traffic sourced by the client is intercepted by the Access Gateway Enterprise Edition secure access client except for hosts or subnets configured through intranet applications.

    You can define the hosts and/or subnets which are on your LAN as intranet applications which then can be bound either to a session policy or at a global level.

    1. Run the following command from the command line interface, to set at a global level: set vpn parameter -splitTunnel REVERSE

    2. Run the following command line interface to set within a session policy/action:
      set vpn sessionAction <name> -splitTunnel REVERSE

    3. From the Graphical User Interface (GUI) of the Access Gateway Enterprise Edition appliance select Access Gateway > Global Settings > Change Global Settings > Client Experience.

      User-added image

     

    Method 2: Enable Local LAN Access

    This setting must be enabled on the Access Gateway Enterprise Edition appliance either within a session policy/action or at a global level.

    After you enable Local LAN Access on the Access Gateway Enterprise Edition appliance, you must also enable it within the secure access client running on the computer because it is not checked and disabled by default.

    With this setting enabled, the secure access client does not intercept any traffic destined to the same subnet for which the client’s local LAN IP address is configured.

    1. Run the following command from the command line interface, to set at a global level: set vpn parameter -localLanAccess ON

    2. Run the following command line interface to set within a session policy/action:
      set vpn sessionAction <name> -localLanAccess ON

    3. From the GUI of the Access Gateway Enterprise Edition appliance select Access Gateway > Global Settings > Change Global Settings > Client Experience > Advanced.

      User-added image

     

    Applicable Products

    Automatic translation

    Important: This article was translated by an automatic translation system (also referred to as Machine Translation, or MT) and has not been translated or reviewed by people. Citrix offers a machine translated version of this article to allow for greater access to the support content. However, automatic translation is not always perfect and may contain errors of vocabulary, syntax or grammar. Citrix is not responsible for inconsistencies, errors or damage incurred as a result of the use of MT articles from our customers.Thank you.
    Click here to see the English version of this article.
    Languages
    Was this helpful?
    Thank you for your feedback

    Share your comments or find out more about this topic

    Citrix Forums