This article describes how to configure Access Gateway Enterprise Edition appliance LAN access.

The Access Gateway Enterprise Edition appliance has two features which allow a user to access LAN resources while connected to the SSL VPN when there is a requirement for all non-LAN traffic to be tunneled.

Instructions

To configure Access Gateway Enterprise Edition LAN access, use one of the following methods:

Method 1: Configure “split-tunnel with the reverse option”

With this method, all network traffic sourced by the client is intercepted by the Access Gateway Enterprise Edition secure access client except for hosts or subnets configured through intranet applications.

You can define the hosts and/or subnets which are on your LAN as intranet applications which then can be bound either to a session policy or at a global level.

1. Run the following command from the command line interface, to set at a global level: set vpn parameter -splitTunnel REVERSE

2. Run the following command line interface to set within a session policy/action:
   set vpn sessionAction <name> -splitTunnel REVERSE

3. From the Graphical User Interface (GUI) of the Access Gateway Enterprise Edition appliance select Access Gateway > Global Settings > Change Global Settings > Client Experience.

   

Method 2: Enable Local LAN Access

This setting must be enabled on the Access Gateway Enterprise Edition appliance either within a session policy/action or at a global level.

After you enable Local LAN Access on the Access Gateway Enterprise Edition appliance, you must also enable it within the secure access client running on the computer because it is not checked and disabled by default.

With this setting enabled, the secure access client does not intercept any traffic destined to the same subnet for which the client’s local LAN IP address is configured.

1. Run the following command from the command line interface, to set at a global level: set vpn parameter -localLanAccess ON

2. Run the following command line interface to set within a session policy/action:
   set vpn sessionAction <name> -localLanAccess ON

3. From the GUI of the Access Gateway Enterprise Edition appliance select Access Gateway > Global Settings > Change Global Settings > Client Experience > Advanced.