Route-based connection
To configure interconnection with a route-based IPsec VPN - web-based manager
1. Go to Policy > Policy > Policy and select Create New.
2. Leave the Policy Type as Firewall and leave the Policy Subtype as Address.
3. Enter the following information and select OK.
Incoming Interface | Select the virtual SSL VPN interface, ssl.root, for example. |
Source Address | Select the firewall address that represents the IP address range assigned to SSL VPN clients. |
Outgoing Interface | Select the virtual IPsec interface for your IPsec VPN. |
Destination Address | Select the address of the IPsec VPN remote protected subnet. |
Action | Select ACCEPT. |
Enable NAT | Enable. |
To configure interconnection with a route-based IPsec VPN - CLI
If, for example, you want to enable SSL VPN users to connect to the private network (address name OfficeAnet) through the toOfficeA IPsec VPN, you would enter:
config firewall policy
edit 0
set srcintf ssl.root
set dstintf toOfficeA
set srcaddr SSL_tunnel_users
set dstaddr OfficeAnet
set action accept
set nat enable
set schedule always
set service ALL
end
See Also