
VPN Tunneling Resource Policy Configuration Use Case

This topic describes a real-world VPN tunneling application and the steps necessary to configure the appropriate resource policy providing access to remote users on the network.

Large financial institutions (also called Fortune Companies) require a robust client sign-in application like VPN tunneling to help provide remote employees seamless network connection to a large range of enterprise resources at the corporate headquarters. Often, remote users need to be able to access multiple applications on their laptops/client machines beyond simple e-mail or meeting scheduling applications. These remote super users or power users require secure, encrypted access to powerful server applications like Microsoft Outlook™, Oracle™ databases, and the Remedy™ case management system.

For this scenario, let’s assume the following:

To configure a VPN tunneling resource policy providing appropriate access to the Fortune Company remote users:

  1. Create a new VPN tunneling resource policy where you specify the three servers to which you want to grant remote users access:
    1. In the Resources section, specify the IP address ranges necessary to allow access to the three servers (outlook.acme.com, oracle.financial.acme.com, and case.remedy.acme.com) separated by carriage returns.

      udp://10.2.3.64-127:80,443

      udp://10.2.3.192-255:80,443

      Note: Configuring your resource as 10.1.1.1-128:* is not supported. Doing so will result in an error.

    2. In the Roles section, select the Policy applies to SELECTED roles option and ensure that only the “user_role_remote” role appears in the Selected roles list.
    3. In the Action section, select the Allow access option.
  2. Create a new VPN tunneling connection profile where you define the transport and encryption method for the data tunnel between the client(s) and system:
    1. In the IP address assignment section, select the IP address pool option and enter 10.2.3.128-192 in the associated text field.
    2. In the Connection Settings section, select the ESP transport option and the AES/SHA1 encryption option.
    3. In the Roles section, select the Policy applies to SELECTED roles option and ensure that only the “user_role_remote” role appears in the Selected roles list.
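
The following Python is an added example, not part of the product documentation: it parses the Resources entries and the IP address pool from the steps above and lists any address that appears in both, a check worth running before the policy is saved. It assumes the `-E` suffix is an inclusive range over the last octet only and accepts only the entry form printed on this page; all function names are hypothetical.

```python
import ipaddress
import re

# Entry form as printed on this page: proto://A.B.C.D-E:port[,port...]
# Assumption: "-E" is an inclusive range over the last octet only.
ADDR = r"(?P<start>\d{1,3}(?:\.\d{1,3}){3})(?:-(?P<end>\d{1,3}))?"
RESOURCE_RE = re.compile(r"^(?P<proto>[a-z]+)://" + ADDR + r":(?P<ports>\d+(?:,\d+)*)$")
POOL_RE = re.compile("^" + ADDR + "$")


def _span(start, end):
    """Return (first, last) as integers for A.B.C.D[-E]."""
    first = int(ipaddress.IPv4Address(start))  # raises ValueError on bad octets
    last_octet = int(end) if end is not None else first & 0xFF
    if not (first & 0xFF) <= last_octet <= 255:
        raise ValueError(f"bad last-octet range: {start}-{end}")
    return first, (first & 0xFFFFFF00) | last_octet


def parse_resource(entry):
    """Parse one Resources line into protocol, address span and port list."""
    m = RESOURCE_RE.match(entry.strip())
    if m is None:
        raise ValueError(f"not in proto://range:ports form: {entry!r}")
    first, last = _span(m["start"], m["end"])
    return {"proto": m["proto"], "first": first, "last": last,
            "ports": [int(p) for p in m["ports"].split(",")]}


def parse_pool(text):
    """Parse the IP address pool field (A.B.C.D-E) into an address span."""
    m = POOL_RE.match(text.strip())
    if m is None:
        raise ValueError(f"not an address range: {text!r}")
    return _span(m["start"], m["end"])


def pool_overlap(resources, pool):
    """Addresses that are both assignable to clients and allowed as targets."""
    hits = []
    for r in resources:
        lo, hi = max(r["first"], pool[0]), min(r["last"], pool[1])
        hits.extend(str(ipaddress.IPv4Address(a)) for a in range(lo, hi + 1))
    return hits


if __name__ == "__main__":
    # Values copied from the steps on this page.
    resources = [parse_resource(e) for e in
                 ("udp://10.2.3.64-127:80,443", "udp://10.2.3.192-255:80,443")]
    print(pool_overlap(resources, parse_pool("10.2.3.128-192")))
```

With the values from this page the result is 10.2.3.192, the one address shared by the client pool and the second resource range.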
