Skip to main content

Tutorial: Configure Network Settings with the Admin Web UI

Abstract

Access Server's Admin Web UI simplifies VPN network management with intuitive, web-based administration.

Overview

One of the primary benefits of using Access Server is that it offers a handy Admin Web UI that makes configuring network settings easier. This page overviews some common network settings you can change from the Admin Web UI.

Prerequisites

  • An installed Access Server.

  • Admin Web UI access.

Step 1: Define the dynamic and static IP address networks

Define the dynamic IP address network

By default, Access Server assigns an IP address from a default subnetwork to users that connect to the VPN. You can change this subnetwork:

  1. Sign in to the Admin Web UI.

  2. Click Configuration > VPN Settings.

  3. Under VPN IP Network > Dynamic IP Address Network, the value in the field, Network Address defines a host IP address, which you can change to your preferred network address.

  4. The field, # of Netmask bits defines the number of netmask bits, which you can change if desired.

    Tip

    We have a subnet mask cheat sheet for your use.

Define the static IP address network

To give a user profile a static IP address, you must first define the network of IP addresses that the users can be assigned by Access Server. Defining this network follows essentially the same process as defining the dynamic IP address network:

  1. Sign in to the Admin Web UI.

  2. Click Configuration > VPN Settings.

  3. Under VPN IP Network > Static IP Address Network, enter a value in the Network Address field for the subnet to use for static IP addresses.

  4. Enter a value in the # of Netmask bits field for the subnet.

Step 2: Configure VPN routing

You can configure the settings for how VPN clients communicate with private subnets within the server and whether or not internet traffic is routed through the VPN (split tunnel). You can also grant access to network services to clients connecting to the server via a gateway client.

Configure routing for private subnets within the server

  1. Sign in to the Admin Web UI.

  2. Click Configuration > VPN Settings.

  3. By default, Access Server uses NAT for the setting, Should VPN clients have access to private subnets (non-public networks on the server side)? When NAT or routing is enabled, you can enter subnets in the field, Specify the private subnets to which all clients should be given access (one per line).

    1. Choosing Yes, using NAT enables one-directional traffic to the specified private subnets. Traffic from the client is sent o the subnet but doesn't route back to the client.

    2. Choosing Yes, using Routing enables both the client and private subnets to send traffic to each other. With this setting enabled, you can choose if you want to allow private subnets access to all VPN clients' IP addresses and subnets by setting Allow access from these private subnets to all VPN client IP addresses and subnets to Yes.

Other VPN routing configurations

The remaining Routing configurations are simple toggle button options. These are settings that do not necessarily require specifications for any subnets within the server.

  • To allow internet traffic through the VPN, set Should client internet traffic be routed through the VPN? to Yes.

    Tip

    If you set this to No, this is called split-tunnel VPN or split tunneling.

  • To enable client access to network services via a VPN gateway, set Should clients be allowed to access network services on the VPN gateway IP address? to Yes.

Allow inter-client communication

You can enable communication between clients:

  1. Sign in to the Admin Web UI.

  2. Click Configuration > Advanced VPN.

  3. Under Inter-Client Communication, set Should clients be able to communicate with each other on the VPN IP Network? to Yes.

If you want only administrators to have access to VPN clients:

  1. Sign in to the Admin Web UI.

  2. Click Configuration > Advanced VPN.

  3. Under Inter-Client Communication, set Allow VPN users with Administrator privilege to access all VPN client IP addresses to Yes.

Step 3: Change VPN server network settings

Easily changing the VPN network settings is one of the major benefits of using the Access Server Admin Web UI. You can find these configurations on the Network Settings page:

  1. Sign in to the Admin Web UI.

  2. Click Configuration > Network Settings.

  3. Under VPN Server > Hostname or IP Address you can input a hostname or IP address for the server.

  4. Under VPN Server > Protocol, you can choose the network protocol you want to use: TCP, UDP, or both.

    • If you choose Multi-daemon mode, then you will have the option to define the amount of daemons for each protocol; the default is 1 daemon for each.

In this section: