Skip to main content

Tutorial: Configure Network Settings with the Admin Web UI

Abstract

Access Server's Admin Web UI simplifies VPN network management with an intuitive, web-based administration interface.

Overview

One of the primary benefits of using Access Server is that it provides a convenient Admin Web UI, making network configuration easier. This page provides an overview of standard network settings that you can change from the Admin Web UI.

Prerequisites

  • An installed Access Server.

  • Admin Web UI access.

Step 1: Define the dynamic and static IP address networks

Define the dynamic IP address network

By default, Access Server assigns an IP address from a default subnetwork to users who connect to the VPN. You can define this subnetwork:

  1. Sign in to the Admin Web UI.

  2. Click VPN Server.

  3. Click the Subnets tab.

  4. Enter your preferred Dynamic subnet for the Default VPN client address pool.

  5. Click Save and Restart.

Define the static IP address network

To assign a static IP address to a user profile, you must first define the network of IP addresses that users can be assigned by Access Server. Defining this network follows essentially the same process as defining the dynamic IP address network:

  1. Sign in to the Admin Web UI.

  2. Click VPN Server.

  3. Click the Subnets tab.

  4. Enter your preferred Static subnet in the Static IP address pool.

  5. Click Save and Restart.

Step 2: Configure VPN routing

You can configure the settings for how VPN clients communicate with private subnets within the server and whether or not internet traffic is routed through the VPN (split tunnel). You can also grant access to network services to clients connecting to the server via a gateway client.

Configure routing for private subnets within the server

  1. Sign in to the Admin Web UI.

  2. Click Access Controls.

  3. Click the Global Access Rules tab.

  4. By default, Access Server uses NAT when you specify Subnets on this tab.

    • NAT (Network Address Translation): Enables one-way traffic from VPN clients to private subnets. While VPN clients can send traffic to resources in the private subnet, responses are sent back to Access Server, which then routes the traffic to the correct client. Traffic from the private subnet doesn't directly return to the VPN clients.

    • Routing: Allows two-way traffic between VPN clients and private subnets. With routing enabled, both the VPN clients and the private network can send traffic to each other. You can optionally configure Access Server to allow private subnets to access all VPN clients' IP addresses and subnets by enabling Route and then specifying the private subnets.

  5. Click Save and Restart.

Other VPN routing configurations

The remaining routing configurations are simple toggle button options. These are settings that don't necessarily require specifications for any subnets within the server.

  • Full-tunnel or split-tunnel VPN: Route all or only specific traffic across the VPN by setting this up.

    1. Click Access Controls.

    2. Click the Internet Access and DNS tab.

    3. Set your preference for Internet gateway between Full-tunnel and Split-tunnel.

    4. Click Save and Restart.

  • VPN gateway: Enable client access to network services via a VPN gateway.

    1. Click Access Controls.

    2. Click the InterClient Communication tab.

    3. Turn Access to the internal gateway address to On.

    4. Slick Save and Restart.

Allow inter-client communication

You can enable communication between clients:

  1. Sign in to the Admin Web UI.

  2. Click Access Controls.

  3. Click the InterClient Communication tab.

  4. Under Global InterClient Communication, select Allow user-to-user connections.

  5. Click Save and Restart.

If you want only administrators to have access to VPN clients:

  1. Sign in to the Admin Web UI.

  2. Click Access Controls.

  3. Click the InterClient Communication tab.

  4. Under Global InterClient Communication, select Admins can access all users.

  5. Click Save and Restart.

In this section: