How can the SVN3000 Network Extension Enable Automatic IP Address Identification by the Payment Web Site?

Publication Date:  2012-07-20 Views:  103 Downloads:  0
Issue Description
A university is a member of a payment paper download Web site. The staff on campus can visit the Web site by clicking the link on the portal of the university. The Web site identifies the visitors by IP addresses. If the IP address belongs to a legal member, the visitor can access the Web site without entering the account and password.
The university requires that its staff who are on business trips can also visit the Web site without entering the account and password after they access the intranet through VPN.
Alarm Information
None
Handling Process
Use the public IP address of the payment Web site as the destination IP address, and add the destination route by using the client routing mode of network extension. The client will automatically add a host route to the IP address of the payment Web site on the intranet.
Configuration procedures are as follows:
1.      Add the public IP address of the payment Web site as the destination IP address in client routing mode. Set the client routing mode to manual mode.
2.      An internet user logs in through the SSL VPN. Network extension is enabled. The intranet IP address is obtained. See the following figure.
3.      Run the route print command to view the host routing table. The route is added successfully, as shown in the following figure.
4.      The internet user accesses the payment Web site through the portal of the university again. The Web site can identify the user account, as shown in the red frame in the picture. As a result, the internet user can obtain the resources on the payment Web site.
Root Cause
1.      The university uses the SVN3000, which can obtain the intranet IP address by using the SSL VPN network extension function. Intranet users can access intranet applications such as databases. The speed is lower.
2.      However, internet users have public IP addresses, which are identified as illegal by the payment Web site.
3.   If the client is notified of the public IP address of the payment Web site which function as the destination route, the client can access the Web site by using the virtual network adapter with a legal IP address.
Suggestions
None

END