Screen OS

last person joined: 8 months ago 

This is a legacy community with limited Juniper monitoring.

  • 1.  Split Tunneling for Remote Client VPN on SSG 140

    Posted 05-12-2017 19:42

    Hi everyone;

     

    I have created a remote access VPN (Dialup VPN) for remote client who will use ShrewSoft VPN client.  I would like to disable the split tunneling while it is connected, I do not want the user access to the internet from their own device while the Remote VPN tunnel is built.

     

    I cannot find the "split tunnel" feature on SSG 140 interface, if anyone know how to do it, can you share your experience?

     

    thx!



  • 2.  RE: Split Tunneling for Remote Client VPN on SSG 140
    Best Answer

    Posted 05-13-2017 09:19

    I don't have access to systems to verify anymore so this is from memory.

     

    In Shrew soft client you need to select the "tunnel all" option to turn off split tunneling.  This will generate an automatic default route up the tunnel once connected.

     

    On the SSG you then need to be sure there is an internet nat policy and security policy from the zone and ip addresses in your pool for the dynamic clients.  The internet browsing will come from that pool ip and zone and go to your untrust or internet zone.  Both nat and security policies need to be in place.



  • 3.  RE: Split Tunneling for Remote Client VPN on SSG 140

    Posted 05-13-2017 17:53

    thanks!

     

    I will try "tunnel all" option on Shrew Soft client to see how it works.