Environment
Novell Access Management 3 SSLVPN Server
Situation
When the SSLVPN client is loaded, it gives users the ability to
tunnel data going to applications on the private, protected
network. All other traffic, destined for non-protected networks,
continues to go out the public interface as normal. This setup
is known as split tunneling.
Administrators may want to prevent access to public resources while the SSLVPN tunnel is running. To do this, additional steps are required.
Resolution
If this extra security is needed, disable split tunneling in NAM
by applying a traffic policy for the 0.0.0.0 network. Doing this
prevents any packets destined for public addresses from going
out.
However, with the current client, traffic can only be tunneled through the SSLVPN if the client processes the request. It only does this if
a) the request comes from a NEW process started after the SSLVPN client was brought up and
b) the call was made to WINSOCK.
If the process was already running, or if the call is made to NetBIOS, MAPI or any other interface, the SSLVPN client will neither process the request nor redirect it through the tunnel.
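One way to check a workstation for condition a) is to list established TCP connections owned by processes that started before the SSLVPN client. This is an added example, not part of the original article or the product; the client's process name is not given on the page and is passed in as a parameter, and Get-NetTCPConnection is assumed to be available (Windows 8 / Server 2012 or later).

```powershell
# Added example: find TCP connections the SSLVPN client will not have intercepted
# because the owning process was already running when the client came up.
param(
    # Assumption: the client's process name is not stated in the article; supply it.
    [Parameter(Mandatory)] [string] $VpnProcessName
)

# The earliest instance of the client marks the point at which interception began.
$tunnelStart = (Get-Process -Name $VpnProcessName -ErrorAction Stop |
    Sort-Object StartTime | Select-Object -First 1).StartTime
if (-not $tunnelStart) {
    throw "Cannot read StartTime for '$VpnProcessName'; run from an elevated session."
}

$loopback = '127.0.0.1', '::1'

Get-NetTCPConnection -State Established |
    Where-Object { $_.RemoteAddress -notin $loopback } |
    ForEach-Object {
        $conn    = $_
        $proc    = Get-Process -Id $conn.OwningProcess -ErrorAction SilentlyContinue
        $started = $null
        try { $started = $proc.StartTime } catch { }  # protected processes deny access

        # Report processes that predate the client, and those whose start time
        # cannot be read (treated as unknown rather than assumed safe).
        if (-not $started -or $started -lt $tunnelStart) {
            [pscustomobject]@{
                ProcessId     = $conn.OwningProcess
                Name          = $proc.ProcessName
                Started       = $started
                RemoteAddress = $conn.RemoteAddress
                RemotePort    = $conn.RemotePort
            }
        }
    } |
    Sort-Object ProcessId, RemoteAddress, RemotePort -Unique
```

The script covers established TCP connections only; it says nothing about condition b), so a process started after the client that does not call WINSOCK will not appear in the output.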