About VPN Tunneling Resource Policies
VPN tunneling resource policies specify a variety of session parameters you can use to determine the method of access for remote clients. You can configure the following types of resource policies and apply them to one or more user roles:
- Access resource policies—This policy type specifies which resources users may access when using VPN tunneling, such as Web, file, and server machines on the corporate intranet.
- Packet logging resource policies—This policy type allows you to compile client-side VPN tunneling packet logs on the system to help diagnose and resolve connection issues.
- Connection profiles resource policies—This policy type specifies which option (DHCP or system-managed IP address pool) the system uses to assign an IP address to the client-side VPN tunneling agent. You can also use this feature to specify the transport protocol and encryption method for the VPN tunneling session.
- Split Tunneling resource policies—This policy type enables you to specify one or more network IP address/netmask combinations for which the system handles traffic passed between the remote client and the corporate intranet.
A few notes about specifying resources for a VPN tunneling resource policy:
- You cannot specify a hostname for a VPN tunneling resource policy. You can only specify an IP address.
- You can specify protocols (such as tcp, udp, icmp) for VPN tunneling. For all other access feature resource policies, specifying protocols is not supported.
- If the protocol is missing, all protocols are assumed. If a protocol is specified, then the delimiter “://” is required. No special characters are allowed.
- You cannot mix port lists and port ranges, such as 80, 443, 8080-8090 for VPN tunneling resource policies.
- If you specify a port, you must specify a protocol.
- If the port number is missing, the default port * is assigned for http.
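The notes above can be checked mechanically before entries are typed into a policy. The following Python linter is an added example, not code from the product: the entry syntax `[protocol://]IPv4[/netmask][:ports]`, the IPv4-only scope, and the names `parse_resource` and `rejection` are assumptions made for illustration.

```python
import ipaddress
import re

# Assumed entry syntax (not from the product docs): [protocol://]IPv4[/netmask][:ports]
ENTRY = re.compile(r"^(?:(?P<proto>[a-z]+)://)?(?P<host>[^:/]+)"
                   r"(?:/(?P<mask>[^:/]+))?(?::(?P<ports>.+))?$")
PROTOCOLS = {"tcp", "udp", "icmp"}  # the protocols the page gives as examples


def _port(text):
    if not (text.isascii() and text.isdigit() and 1 <= int(text) <= 65535):
        raise ValueError(f"invalid port: {text!r}")
    return int(text)


def parse_resource(entry):
    """Return (protocol, network, ports) or raise ValueError."""
    m = ENTRY.match(entry.strip())
    if not m:
        raise ValueError("expected [protocol://]ip[/netmask][:ports]")
    proto, host, mask, ports = m.group("proto", "host", "mask", "ports")
    if proto is not None and proto not in PROTOCOLS:
        raise ValueError(f"unknown protocol: {proto!r}")
    try:
        ipaddress.IPv4Address(host)  # a hostname fails here
        net = str(ipaddress.IPv4Network(f"{host}/{mask or 32}", strict=False))
    except ValueError:
        raise ValueError(f"not an IP address/netmask: {entry!r}") from None
    if ports is None:
        return proto or "*", net, "*"  # no protocol: all; no port: *
    if proto is None:
        raise ValueError("a port requires a protocol")
    if "," in ports and "-" in ports:
        raise ValueError("port lists and port ranges cannot be mixed")
    if "-" in ports:
        lo, _, hi = ports.partition("-")
        if _port(lo) > _port(hi):
            raise ValueError(f"empty port range: {ports!r}")
        return proto, net, [(int(lo), int(hi))]
    return proto, net, [_port(p) for p in ports.split(",")]


def rejection(entry):
    """Return None if the entry is valid, else the reason it is rejected."""
    try:
        parse_resource(entry)
    except ValueError as exc:
        return str(exc)
```

Running `rejection()` over a draft list of entries shows which ones break a rule and why, so an overly broad or malformed resource is caught before the policy is saved.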