Forum Discussion
Kyle_S_52590
Nimbostratus
We have implemented Route Domains to isolate our SSL VPN users. It works very well and in our APM Access Policy we use the object Route Domain and SNAT selection. You will have to create self-ip addresses, routes, and pool selections. The trick is to remember to use the % with everything. So the route domain you create is SSL_VPN Route ID 1, everything associated in that route domain needs to end with %1. The default route would be destination 0.0.0.0%1 use gateway 192.168.1.1%1. A self-ip for this domain would be 192.168.2.1%1. Even nodes can have the same IP addresses as long as they are placed in the correct route domain. I hope this helps.
Grayson_149410
Oct 16, 2014Nimbostratus
So I assume the Vs we have for the VPN would also need the %1 correct?
Right now we have our DMZ as the core default route (192.168.0.0)
And we want to use our other network 10.80.x.x for the VPN.