Configuring Network Routing Rules for VPN Clients

When you set a computer as the VPN client, you can configure network routing rules to control how the VPN client should reach the resources in your private network.

By default, when you enable the VPN client feature on a computer, two routing rules are automatically configured:

If a private resource is resolvable from the VPN client's cached DNS data, the VPN client connects directly to that resource.
If a private resource is not resolvable from the VPN client's cached DNS data, the VPN client goes through the configured VPN router acting as a proxy. If no VPN router is configured, this rule does not appear.

Procedure

From the CommCell Browser, expand the Client Computers node, right-click the Client and click Properties.

If you configured the VPN clients in a client group, expand the Client Computer Groups node, right-click the Client_Group and click Properties.
In the properties dialog box, click Network.
In the Network Properties dialog box, click the VPN Config tab, and then click the VPN Client subtab.

The current network routing rules are displayed in the Rules section.
To add a new rule, click Add.

In the VPN Client Configuration dialog box, follow the configuration steps that meet your VPN requirements:

Configuration	Steps
Route the network connections based on matching the host name, domain, IP address, and other network properties of the private resource.	In the Condition section, click Host matches pattern and enter a pattern. Only one pattern, or IP address, can be entered for each rule. Patterns can include wild cards, which are used for string matching. For example, .example.com matches all services in the example.com* domain. String characters are matched without the need of a DNS lookup. You can specify an IP address along with wild cards. For example, 172.21.33.44 or 172.16..1. In the Router* section, choose how you want to route the hosts that match the pattern: If you want to route the hosts through a VPN router, click Forward to VPN Router and select the router name from the list. Router groups are displayed in bold. If the hosts can be accessed directly, click Connect directly. Click OK.
Do not route the connections through the VPN router. You can connect to private resources directly.	In the Condition section, click Host is locally resolvable. The Connect directly option under the Router section is automatically selected. Click OK.

Configuration

Steps

Route the network connections based on matching the host name, domain, IP address, and other network properties of the private resource.

In the Condition section, click Host matches pattern and enter a pattern.
- Only one pattern, or IP address, can be entered for each rule.
- Patterns can include wild cards, which are used for string matching. For example, *.example.com matches all services in the example.com domain. String characters are matched without the need of a DNS lookup.
- You can specify an IP address along with wild cards. For example, 172.21.33.44 or 172.16.*.1.
In the Router section, choose how you want to route the hosts that match the pattern:
- If you want to route the hosts through a VPN router, click Forward to VPN Router and select the router name from the list. Router groups are displayed in bold.
- If the hosts can be accessed directly, click Connect directly.
Click OK.

Do not route the connections through the VPN router. You can connect to private resources directly.

In the Condition section, click Host is locally resolvable. The Connect directly option under the Router section is automatically selected.
Click OK.

If you want to adjust the order in which the rules are evaluated, click the up and down arrows located next to the Rules section.
Determine whether you want to add another rule, or edit/delete an existing one.
Click OK to close the Network Properties dialog box.

Setting Up VPN Services

Configuring Network Routing Rules for VPN Clients

Procedure

Related Topics