
    Network Connect Resource Policy Configuration Use Case

    This topic describes a real-world Network Connect application and the steps necessary to configure the appropriate resource policy providing access to remote users on the network.

    Large financial institutions (also called “Fortune Companies”) require a robust client sign-in application like Network Connect to give remote employees a seamless network connection to a large range of enterprise resources at the corporate headquarters. Often, remote users need to access multiple applications on their laptops or client machines beyond simple email or meeting scheduling applications. These remote “super users” or “power users” require secure, encrypted access to powerful server applications like Microsoft Outlook™, Oracle™ databases, and the Remedy™ case management system.

    For this scenario, let’s assume the following:

    • There is a small collection of remote users who will all access their financial institution’s enterprise resources via the same SA Series Appliance.
    • All the users have the same “user_role_remote” role assigned to their user ID.
    • Host Checker and Cache Cleaner are configured and verify the users’ machines when they log in to the SA Series Appliance and launch their Network Connect sessions.
    • All users require access to three large servers at the corporate headquarters with the following attributes:
      • “outlook.acme.com” at IP address 10.2.3.201
      • “oracle.financial.acme.com” at IP address 10.2.3.202
      • “case.remedy.acme.com” at IP address 10.2.3.99
    • Because the company wants to manage its IP address pool very strictly, each SA Series Appliance provides IP addresses to remote users (our particular SA Series Appliance controls the IP addresses between 10.2.3.128 and 10.2.3.192).
    • The company is interested in the most secure access possible while accepting only the least possible amount of client downtime.

    To configure a Network Connect resource policy providing appropriate access to the Fortune Company remote users:

    1. Create a new Network Connect resource policy where you specify the three servers to which you want to grant remote users access:
      1. In the Resources section, specify the IP address ranges necessary to allow access to the three servers (“outlook.acme.com,” “oracle.financial.acme.com,” and “case.remedy.acme.com”) separated by carriage returns.
        udp://10.2.3.64-127:80,443
        udp://10.2.3.192-255:80,443

        Note: Configuring your resource as 10.1.1.1-128:* is not supported. Doing so will result in an error.

      2. In the Roles section, select the Policy applies to SELECTED roles option and ensure that only the “user_role_remote” role appears in the Selected roles list.
      3. In the Action section, select the Allow access option.
    2. Create a new Network Connect connection profile where you define the transport and encryption method for the data tunnel between the client(s) and the SA Series Appliance:
      1. In the IP address assignment section, select the IP address pool option and enter 10.2.3.128-192 in the associated text field.
      2. In the Connection Settings section, select the ESP transport option and the AES/SHA1 encryption option.
      3. In the Roles section, select the Policy applies to SELECTED roles option and ensure that only the “user_role_remote” role appears in the Selected roles list.
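
The resource ranges and the client address pool from this scenario can be checked against the three server addresses before the policy is saved. The following Python script is an added example, not Juniper code; it assumes only the last-octet range syntax shown on this page, and the function names are hypothetical. It reports which servers the ranges leave uncovered, how many other addresses they admit, and whether the client pool intersects the allowed ranges.

```python
import ipaddress
import re

# Values copied from the scenario on this page.
RESOURCES = ["udp://10.2.3.64-127:80,443", "udp://10.2.3.192-255:80,443"]
SERVERS = {
    "outlook.acme.com": "10.2.3.201",
    "oracle.financial.acme.com": "10.2.3.202",
    "case.remedy.acme.com": "10.2.3.99",
}
CLIENT_POOL = "10.2.3.128-192"

# Assumed grammar: only the last-octet range form shown above is handled.
RANGE_RE = re.compile(r"^(?:(\w+)://)?(\d+\.\d+\.\d+)\.(\d+)-(\d+)(?::([\d,]+))?$")

def parse_range(spec):
    """Return (protocol, first_ip, last_ip, ports) with IPs as integers."""
    m = RANGE_RE.match(spec)
    if not m:
        raise ValueError(f"unsupported resource format: {spec!r}")
    proto, prefix, lo, hi, ports = m.groups()
    first = int(ipaddress.IPv4Address(f"{prefix}.{lo}"))
    last = int(ipaddress.IPv4Address(f"{prefix}.{hi}"))
    if first > last:
        raise ValueError(f"descending range: {spec!r}")
    port_list = [int(p) for p in ports.split(",")] if ports else []
    return proto, first, last, port_list

def audit(resources, servers, pool):
    """Report server coverage, extra reachable addresses, and pool overlap."""
    allowed = set()
    for _, first, last, _ in (parse_range(r) for r in resources):
        allowed.update(range(first, last + 1))
    server_ips = {n: int(ipaddress.IPv4Address(ip)) for n, ip in servers.items()}
    _, p_first, p_last, _ = parse_range(pool)
    pool_ips = set(range(p_first, p_last + 1))
    return {
        # Servers the policy would fail to reach.
        "uncovered": sorted(n for n, ip in server_ips.items() if ip not in allowed),
        # Addresses allowed by the ranges that are not one of the servers.
        "extra_addresses": len(allowed - set(server_ips.values())),
        # Client-pool addresses that are also inside an allowed range.
        "pool_overlap": [str(ipaddress.IPv4Address(i))
                         for i in sorted(allowed & pool_ips)],
    }

if __name__ == "__main__":
    print(audit(RESOURCES, SERVERS, CLIENT_POOL))
```

With the values on this page, all three servers are covered, the two ranges admit 125 addresses besides the servers, and the pool's last address, 10.2.3.192, also falls inside the second allowed range.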

    Published: 2011-03-14