Cannot pass domain's public IP address to a specific website.

SOLVED
xpkranger_
Occasional Contributor

Using an SA6000 5.5R3 - When our users are here at work, they have a link to the Wall Street Journal. WSJ looks for our public IP address and ok's access as long as the user comes from our IP address. I am using split tunneling. When the users are away from the office and using Network Connect, the WSJ link fails because the user is not coming in from our firm's public IP address.

Is there any way (short of denying split tunneling) that I can pass our firm's public address along to WSJ from the end users when using Network Connect?

I have opened a ticket with JTAC and will post the solution here if I get one from them first.

Accepted Solutions
firewall72_
Frequent Contributor

Re: Cannot pass domain's public IP address to a specific website.

Hi,

You can add a Split tunneling Network policy (Users, Resource Policies, Network Connect, Split Tunneling Networks) for the destination web server. For example, if the WSJ IP was 201.1.2.3, you would add "201.1.2.3/32" as a resource. This would route web traffic to WSJ via the Virtual Adapter/SSL tunnel when Network Connect is enabled. This will allow you to selectively route specific routes via the SSL without disabling split tunneling. If you are using a Network Connect access policy, you will also need to enable this host.


Rgds,

John
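
The routing decision described in this answer, as an added example that is not part of the original post or of the vendor's software: with split tunneling on, only destinations matching a Split Tunneling Networks resource travel through the tunnel and so reach the site from the firm's public IP. It goes slightly beyond the single /32 in the post by checking every address a site is known to use; the internal range 10.0.0.0/8, the second address 201.1.2.4 and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample: an assumed internal range plus the /32 from the answer.
SPLIT_TUNNEL_RESOURCES = ["10.0.0.0/8", "201.1.2.3/32"]


def parse_resources(resources):
    """Parse resource strings; strict mode rejects entries with host bits
    set (e.g. 201.1.2.3/24), which usually indicate a typo in the policy."""
    return [ipaddress.ip_network(r, strict=True) for r in resources]


def egress_path(destination, resources):
    """'tunnel' if the destination matches a split tunneling resource
    (traffic leaves via the office and carries its public IP), otherwise
    'direct' (traffic leaves from the user's own ISP address)."""
    dst = ipaddress.ip_address(destination)
    nets = parse_resources(resources)
    return "tunnel" if any(dst in n for n in nets) else "direct"


def uncovered_addresses(site_addresses, resources):
    """Site addresses that still bypass the tunnel and would therefore
    fail the site's source-IP check for remote users."""
    return [a for a in site_addresses if egress_path(a, resources) == "direct"]


def resources_to_add(site_addresses, resources):
    """Host entries (/32 for IPv4, /128 for IPv6) needed so that every
    known address of the site is routed through the tunnel."""
    out = []
    for a in uncovered_addresses(site_addresses, resources):
        ip = ipaddress.ip_address(a)
        out.append(f"{ip}/{ip.max_prefixlen}")
    return out


if __name__ == "__main__":
    # Constructed: addresses the site's hostname returned on one lookup.
    site = ["201.1.2.3", "201.1.2.4"]
    for addr in site:
        print(addr, "->", egress_path(addr, SPLIT_TUNNEL_RESOURCES))
    print("add:", resources_to_add(site, SPLIT_TUNNEL_RESOURCES))
```

Any address listed by `resources_to_add` also has to be permitted in the Network Connect access policy, as the answer notes.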

3 REPLIES
xpkranger_
Occasional Contributor

Re: Cannot pass domain's public IP address to a specific website.

Excellent! That did it. Thanks a ton!

xpkranger_
Occasional Contributor

Re: Cannot pass domain's public IP address to a specific website.

I guess I'm still confused as to why it works though. The "Split Tunneling Enforced" policy seen below specifically requires split tunneling, yet the rule that I just constructed above it seems to deny split tunneling for the WSJ site for all but a few roles. Yet it all somehow works.

[Image: Network Connect - Split Tunneling]