4.2.3 Managing Domain Conflicts – Citrix Systems 9000 Series User Manual

Configuring the SSL VPN Client

SSL VPN User’s Guide

4-11

when Split Tunneling is enabled. This setting has three options: Local, Remote, and Both.

Local: When you choose the Local option, all DNS lookups are sent to the DNS server on your local LAN. If you are connected to the Internet, the lookups are sent to your ISP’s DNS server.

Remote: When you choose the Remote option, all DNS lookups are sent to the remote DNS server via the SSL VPN tunnel.

Both: Finally, when you choose Both, the lookups are sent to both the local and remote DNS servers simultaneously. This could result in domain name conflicts. Such conflicts can be resolved by using the settings described in 4.2.3, “Managing Domain Conflicts”.
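The three options described above can be modeled as follows. This is an added example, not code from the manual or from the SSL VPN client: it shows which DNS servers receive a lookup under each option and flags names that the local and remote servers answer differently. The zone contents, addresses and function names are constructed for illustration; how the client chooses between two differing answers is not modeled.

```python
# Added illustration: models which DNS servers receive a lookup under each
# Split DNS option and flags names that both sides answer differently.
# Zone contents and addresses below are constructed sample data.

LOCAL_ZONE = {"abc.example": "192.168.1.20", "printer.home.example": "192.168.1.30"}
REMOTE_ZONE = {"abc.example": "10.20.0.5", "wiki.corp.example": "10.20.0.8"}

# Which servers each option sends lookups to, as described in the text.
MODES = {"Local": ("local",), "Remote": ("remote",), "Both": ("local", "remote")}


def normalize(name):
    """DNS names are case-insensitive; drop the trailing root dot."""
    return name.rstrip(".").lower()


def lookup(name, mode, local_zone=LOCAL_ZONE, remote_zone=REMOTE_ZONE):
    """Return {server: answer or None} for every server the option queries."""
    if mode not in MODES:
        raise ValueError(f"unknown Split DNS option: {mode!r}")
    zones = {"local": local_zone, "remote": remote_zone}
    key = normalize(name)
    result = {}
    for server in MODES[mode]:
        zone = {normalize(k): v for k, v in zones[server].items()}
        # A None answer still means this server received the query.
        result[server] = zone.get(key)
    return result


def is_conflict(answers):
    """True when more than one distinct non-empty answer came back."""
    return len({a for a in answers.values() if a is not None}) > 1


def conflict_candidates(local_zone=LOCAL_ZONE, remote_zone=REMOTE_ZONE):
    """Names present on both networks: candidates to configure on the client."""
    local = {normalize(n) for n in local_zone}
    return sorted(n for n in map(normalize, remote_zone) if n in local)


if __name__ == "__main__":
    for mode in MODES:
        answers = lookup("ABC.example", mode)
        print(f"{mode:6} -> {answers} conflict={is_conflict(answers)}")
    print("names to configure:", conflict_candidates())
```

With Both selected, a name that exists only on the remote network is still sent to the local DNS server, which is why the result for that server is recorded even when it has no answer.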

The following procedure lists the steps to configure split DNS. In this example, Split DNS is set to Both.

1. Right-click the agent in the Windows system tray and select Configuration from the shortcut menu. The Configuration dialog box is displayed as shown in Figure 4-3.
   If you are using the plug-in, click Configuration on the plug-in window. The Configuration dialog box is displayed as shown in Figure 4-3.

2. Click the Profile tab. The Profile pane is displayed. This pane displays all the configuration details of the profile such as the IP address of the SSL VPN gateway, the split tunneling setting, the build number of the system software on the gateway, etc.

3. Click Change Profile to modify the configuration details of the profile. The Change Profile dialog box is displayed as shown in Figure 4-4.

4. In the DNS/WINS Lookup group box, select Both and click OK. The updated configuration details of the profile are displayed.

4.2.3 Managing Domain Conflicts

The previous section covered the concept of Split DNS and explained the Both setting. When Split DNS is configured in the Both mode, the DNS lookups are simultaneously sent to both local and remote DNS servers. As a result, domain name conflicts can occur if domains with the same names exist on both the remote and local networks. This can be avoided by configuring the client with domain names that might potentially cause a conflict. This is illustrated in the following example.

A remote private network has a domain named ABC.example. A client connecting to this network also has a domain named ABC.example in its local network. When you type http://ABC.example in the browser window, and Split DNS is set to Both, the client performs a domain name lookup on both the
