Faqs, Chapter 6 - faqs -1 – Citrix Systems 9000 Series User Manual

SSL VPN User’s Guide

6-1

Chapter 6

FAQs

Why does the SSL VPN need a Windows account with administrative

privileges?
The SSL VPN browser plug-in inserts a new layer between the application and

Windows Kernel. This operation requires administrative privilege in a Windows

account.

Why does SSL VPN not work with MS Windows 9x?
The MS Windows 9x operating system does not support encryption/ decryption

for SSL/SSPI, which is required for SSL VPN. If the plug-in identifies that the

encryption library is not installed, it will display an error message page. Click

the hyperlink "Click Me" in the error message page to install the required

encryption library (dsclient.exe). Please follow the instructions provided by the

software to install the encryption library and reboot the machine after the

installation. The dsclient.exe encryption library is provided by Microsoft.

Does SSL VPN use a client side IP address?
Unlike the traditional IPSec VPN, the SSL VPN does not set an IP address on

the client machine. The plug-in uses the client machine's original IP address to

connect to the SSL VPN Web site. This depends on the configuration of the

system. If the USIP (use source IP) is enabled, the server will see the client IP

address. Otherwise the server will not see the client IP address.

How does the SSL VPN browser plug-in make routing decisions?
The SSL VPN server forwards the configured static routing entries in the sys-

tem to the remote user's plug-in. The plug-in then intercepts and tunnels all

the connections to the SSL VPN server. These connections are tunneled to the

SSL VPN server only if the destination IP matches with the downloaded routing

entries/subnet. If the match is not found, then the connections are not tun-

neled and are routed to the remote client machine's default router.
When is configured for split tunnel OFF, all traffic will be tunneled into the sys-

tem.