Configuring VPN Tunneling
The following steps do not account for preliminary configuration steps such as specifying the system's network identity or adding user IDs.
To configure Ivanti Connect Secure for VPN tunneling:
1. Enable access to VPN tunneling at the role-level using settings in the Users > User Roles > Role > General > Overview page of the admin console.
2. Create VPN tunneling resource policies using the settings in the Users > Resource Policies > VPN Tunneling tabs:
   • Specify general access settings and detailed access rules for VPN tunneling in the Access Control tab of the admin console.
   • Specify Connection Profiles to assign to remote users in the Connection Profiles tab of the admin console.
   • (Optional) Specify split tunneling behavior for VPN tunneling in the Split Tunneling tab of the admin console.
3. Specify whether or not to enable GINA/Credential Provider installation, employ split tunneling, and/or auto-launch behavior in the Users > User Roles > Role > VPN Tunneling page of the admin console.
If you choose to activate split tunneling behavior in this page, you must first create at least one split-tunneling resource profile, as described above.
You must enable VPN tunneling for a given role if you want a user mapped to that role to be able to use GINA/Credential Provider during Windows logon.
4. Specify an IP address for the VPN tunneling server-side process to use for all VPN tunneling user sessions on the System > Network > VPN Tunneling page in the admin console.
5. Ensure that an appropriate version of VPN tunneling is available to remote clients.
6. If you want to enable or disable client-side logging for VPN tunneling, configure the appropriate options in the System > Log/Monitoring > Client Logs > Settings page of the admin console.
To install VPN tunneling, users must have appropriate privileges, as described in the Ivanti Connect Secure Client-Side Changes Guide. If the user does not have these privileges, use the Installer Service available from the Maintenance > System > Installers page of the admin console to bypass this requirement.
VPN tunneling requires signed ActiveX or signed Java applets to be enabled within the browser to download, install, and launch the client applications.
By default, Vista Advanced firewall blocks all inbound traffic and allows all outbound traffic. For VPN tunneling to work in conjunction with Vista Advanced firewall, configure the following settings:
• Change the Vista Advanced firewall default settings to block all inbound and outbound traffic.
• Create the following outbound rules in the appropriate firewall profile:
   • Create a port rule that allows TCP traffic from any IP address and any port to any IP address on port 443.
   • Create a custom rule that allows TCP traffic from 127.0.0.1 to 127.0.0.1 on any port.
   • Allow iExplorer.exe.
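The firewall settings listed above can also be applied from an elevated command prompt with netsh advfirewall. The script below is an added example, not part of the Ivanti documentation. The rule names, backup path, profile choice and browser path are assumptions to adjust for your clients. It creates the allow rules before switching the default policy so that outbound connectivity is not cut off part-way through.

```bat
@echo off
setlocal
rem Added example: applies the Vista Advanced firewall settings described above.
rem Run from an elevated (administrator) command prompt.
rem Assumptions, not from the original page: profile choice, backup path,
rem rule names, and the browser executable path.
set "PROFILE=domain"
set "BACKUP=%TEMP%\advfirewall-before-vpn.wfw"
set "BROWSER=%ProgramFiles%\Internet Explorer\iexplore.exe"

rem 1. Save the current policy so it can be restored with:
rem    netsh advfirewall import "%BACKUP%"
if exist "%BACKUP%" del "%BACKUP%"
netsh advfirewall export "%BACKUP%" || goto :fail

rem 2. Outbound port rule: TCP, any address and port, to any address on port 443.
netsh advfirewall firewall add rule name="VPN tunneling - TCP 443 out" ^
  dir=out action=allow protocol=TCP remoteport=443 profile=%PROFILE% || goto :fail

rem 3. Outbound custom rule: TCP from 127.0.0.1 to 127.0.0.1, any port.
netsh advfirewall firewall add rule name="VPN tunneling - loopback TCP" ^
  dir=out action=allow protocol=TCP localip=127.0.0.1 remoteip=127.0.0.1 ^
  profile=%PROFILE% || goto :fail

rem 4. Outbound program rule for the browser that downloads and launches the client.
netsh advfirewall firewall add rule name="VPN tunneling - browser" ^
  dir=out action=allow program="%BROWSER%" profile=%PROFILE% || goto :fail

rem 5. Only now change the profile default to block inbound and outbound traffic.
netsh advfirewall set %PROFILE%profile firewallpolicy blockinbound,blockoutbound || goto :fail

rem 6. Show the resulting default policy and one of the new rules for review.
netsh advfirewall show %PROFILE%profile firewallpolicy
netsh advfirewall firewall show rule name="VPN tunneling - TCP 443 out"
echo Firewall settings applied to the %PROFILE% profile. Backup: %BACKUP%
exit /b 0

:fail
echo A netsh command failed. Restore with: netsh advfirewall import "%BACKUP%"
exit /b 1
```

With outbound traffic blocked by default, any other application the client needs (DNS, domain logon, endpoint management) requires its own outbound allow rule, so test the policy on one machine before deploying it widely.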
In prior releases you could specify whether the system compiles packet logs for specific VPN tunneling users. This option is no longer available as it impacts performance.