One of the primary benefits of using Access Server is the fact that it offers a handy Admin Web UI that makes configuring network settings simple. This page will provide an overview of some of the common network settings you can change from the Admin Web UI. The entire user manual provides a more thorough guide. In addition to the settings you can easily configure with the Admin Web UI, you can make more advanced configuration changes through your server’s command line.
Defining the Dynamic and Static IP Address Network
Defining the Dynamic IP Address Network
By default, users that connect to the VPN will be assigned an IP address from a default sub-network. This sub-network can be changed:
Click Configuration on the blue side menu
Click VPN Settings
Under VPN IP Network -> Dynamic IP Address Network -> Network Address define a host IP Address
Under VPN IP Network -> Dynamic IP Address Network -> # of Netmask bits define the number of Netmask bits
Defining the Static IP Address Network
If you want to give a user profile a static IP address, you must first define the network of IP addresses that users can be assigned from. Defining this network follows essentially the same process as defining the dynamic IP address network:
Under VPN IP Network -> Static IP Address Network (Optional) -> Network Address define a host IP Address
Under VPN IP Network -> Static IP Address Network -> # of Netmask bits define the number of Netmask bits
Defining the Default Group IP Address Network
If you want a specific dynamic IP address network for users in an undefined group, the format of defining the network is slightly different:
Under VPN IP Network -> Group Default IP Address Network (Optional) -> Network Address define a host IP Address, followed by a slash and the number of Netmask bits, in the text box provided.
Configuring VPN Routing
Configuring Routing is an optional yet powerful configuration. You have the ability to configure the settings for how VPN clients communicate with private subnets within the server. You can also configure whether or not Internet traffic is routed through the VPN, and you can grant access to network services to clients connecting to the server via a gateway client.
Configuring Routing for Private Subnets within the Server
Should clients require access to private networks within the server, you can enable this setting by choosing one of the options aligned with Should VPN clients have access to private subnets (non-public networks on the serverside)?
Choosing either of the ‘Yes’ options will require you to specify these subnets. You can insert these subnets in the text box aligned with Specify the private subnets to which all clients should be given access (one per line):
Choosing Yes, using NAT will permit one-directional traffic to these private sub-networks. Essentially, clients can initiate traffic to the sub-network, but the sub-network cannot initiate traffic back to the client.
Choosing Yes, using Routing will permit both the client and the private sub-networks to send traffic to one another. With this setting enabled, you can choose whether to allow the private subnets access to all VPN clients’ IP addresses and subnets by clicking on the button aligned with Allow access from these private subnets to all VPN client IP addresses and subnets.
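A pre-change check for the address plan described above, as an added example that is not part of the Access Server product or its documentation. It assumes the dynamic, static and group default networks should not overlap each other or the private subnets entered one per line; audit_plan, the pool names and all sample values are constructed for illustration.

```python
import ipaddress
from itertools import combinations


def parse_entry(address, bits=None):
    """Parse a 'Network Address' + '# of Netmask bits' pair, or one 'address/bits' string."""
    text = address if bits is None else f"{address}/{bits}"
    return ipaddress.ip_interface(text.strip())


def audit_plan(pools, private_subnets_text):
    """Return findings for a planned VPN address layout (empty list means no issue found)."""
    findings, nets = [], {}
    for name, (address, bits) in pools.items():
        iface = parse_entry(address, bits)
        nets[name] = iface.network
        # A host address typed into a network field is silently ambiguous: flag it.
        if iface.ip != iface.network.network_address:
            findings.append(f"{name}: {iface} has host bits set; network is {iface.network}")
    # Private subnets are entered one per line in the routing text box.
    for n, line in enumerate(private_subnets_text.splitlines(), 1):
        if line.strip():
            nets[f"private subnet line {n}"] = parse_entry(line).network
    # Assumption: every pool and routed subnet should be disjoint from the others.
    for (a, na), (b, nb) in combinations(nets.items(), 2):
        if na.version == nb.version and na.overlaps(nb):
            findings.append(f"{a} ({na}) overlaps {b} ({nb})")
    return findings


# Constructed sample plan: the static pool is mistyped and sits inside the dynamic pool,
# and one routed private subnet collides with the group default pool.
PLAN = {
    "dynamic": ("172.27.224.0", 20),
    "static": ("172.27.232.10", 24),
    "group default": ("172.27.240.0/20", None),
}
PRIVATE = "192.168.10.0/24\n172.27.240.0/24\n"

if __name__ == "__main__":
    for finding in audit_plan(PLAN, PRIVATE):
        print(finding)
```

An overlap between a client pool and a routed private subnet makes it unclear which hosts a rule or route actually covers, so resolve every finding before applying the settings.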
Other VPN Routing Configurations
The remaining Routing configurations are simple toggle button options. These are settings that do not necessarily require specifications for any subnets within the server.
To permit Internet traffic to be passed through the VPN, click the button aligned with Should client Internet traffic be routed through VPN?
If you wish to allow a client access to the Network Services via a VPN gateway, click the button aligned with Should clients be allowed to access network services on the VPN gateway IP address?
Allowing VPN Clients to Communicate with Each Other
You can allow clients to communicate with each other with the simple press of a button. First, navigate to the Advanced VPN Settings page.
Click Configuration on the blue side bar.
Underneath Inter-Client Communication click the toggle for Should clients be able to communicate with each other on the VPN IP Network?
In the case that you decide that you only want Administrators to be able to access VPN clients:
Underneath Inter-Client Communication, disable the setting Should clients be able to communicate with each other on the VPN IP Network?
You can now enable Allow VPN users with Administrator privilege to access all VPN client IP addresses with the toggle.
Changing VPN Server Network Settings
Easily changing the VPN Network Settings is one of the major benefits of using the Access Server Admin Web UI. Configurations for the VPN Server Network Settings will be found on the Network Settings page:
Click Configuration on the blue side bar.
Click on Network Settings.
Underneath VPN Server -> Hostname or IP Address: you can input a hostname or IP address for the server
Underneath VPN Server -> Protocol, you can choose which network protocol you would like to use. You have the choice of TCP, UDP or both.
You have the option to define the ports that these protocols will use. By default, TCP uses port 443. UDP will use port 1194 in Multi-daemon mode and will use 443 if it is the single chosen protocol.
If you choose Multi-daemon mode, then you will have the option to define the number of daemons for each protocol; the default is 1 daemon for each.
The sections on the right provide more settings for updating your Access Server and Connect clients. These sections function essentially the same way as the VPN server section but apply to interfaces attempting to access the Admin Web UI and the Connect Client Web UI respectively. For more information regarding this page, click here.