Chapter 16 SSL VPN : Basic configuration : Configuring security policies : Enabling a connection to an IPsec VPN : Route-based connection
  
Route-based connection
To configure interconnection with a route-based IPsec VPN - web-based manager:
1. Go to Policy & Objects > Policy > IPv4 and select Create New.
2. Enter the following information and select OK.
Incoming Interface
Select the virtual SSL VPN interface (ssl.root, for example).
Source Address
Select the firewall address that represents the IP address range assigned to SSL VPN clients.
Outgoing Interface
Select the virtual IPsec interface for your IPsec VPN.
Destination Address
Select the address of the IPsec VPN remote protected subnet.
Action
Select ACCEPT.
Enable NAT
Enable.
To configure interconnection with a route-based IPsec VPN - CLI:
If, for example, you want to enable SSL VPN users to connect to the private network (address name OfficeAnet) through the toOfficeA IPsec VPN, you would enter:
config firewall policy
edit 0
set srcintf ssl.root
set dstintf toOfficeA
set srcaddr SSL_tunnel_users
set dstaddr OfficeAnet
set action accept
set nat enable
set schedule always
set service ALL
end
See Also
Policy-based connection
Firewall addresses
Create an SSL VPN security policy
Create a tunnel mode security policy
Split tunnel Internet browsing policy