60 Chapter 2 Customizing the client
311644-J Rev 00
When operating in IPsec mobility mode with split tunneling enabled, the
Contivity VPN Client does not consider the routing table to be maliciously altered
and will not bring down the tunnel in the following cases:
• IP address change for any adapter
• Adapter has been removed
• Adapter is plugged in and connects
Inverse split tunneling
Using the 0.0.0.0/0 subnet wildcard
To configure auto-detection on directly connected local subnets, add a subnet of
0.0.0.0 with a 0.0.0.0 mask to the inverse split tunnel networks list on the CES.
The 0.0.0.0/0 entry is simply a wildcard to be expanded. When the Contivity VPN
Client receives the list of inverse split networks, it expands the 0.0.0.0 entry to
include all of the directly connected local subnets detected on the host. Any
additional subnets in the list are processed as before.
After expansion, traffic destined for these subnets is allowed to flow outside of the
tunnel. This option is valid for both the Inverse Split and Inverse Split (Locally
Connected) modes, but it is really only useful for the first variant. The subnets
generated by the 0.0.0.0/0 expansion always pass the Locally Connected test
since, by definition, they must be locally connected. Any additional subnets listed
are either duplicates of the wildcard expansion or would not pass the test.
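The expansion described above can be modeled as follows. This is an added example, not code from the Contivity VPN Client. The function names, the sample adapter addresses, and the reading of the Locally Connected test as "the subnet equals a directly connected subnet" are assumptions made for illustration.

```python
import ipaddress

WILDCARD = ipaddress.ip_network("0.0.0.0/0")


def local_subnets(interfaces):
    """Directly connected subnets derived from (address, netmask) pairs."""
    return {ipaddress.ip_interface(f"{addr}/{mask}").network
            for addr, mask in interfaces}


def expand_inverse_split(networks, interfaces, locally_connected_only=False):
    """Return the subnets whose traffic flows outside the tunnel.

    networks: inverse split list as received from the CES (strings).
    interfaces: (address, netmask) pairs for the host's adapters.
    locally_connected_only: model of Inverse Split (Locally Connected),
        assumed here to drop any listed subnet that is not directly connected.
    """
    local = local_subnets(interfaces)
    result = []
    for net in (ipaddress.ip_network(n) for n in networks):
        if net == WILDCARD:
            candidates = sorted(local)      # wildcard becomes the local subnets
        elif locally_connected_only and net not in local:
            continue                        # fails the Locally Connected test
        else:
            candidates = [net]              # processed as before
        for c in candidates:
            if c not in result:             # drop duplicates of the expansion
                result.append(c)
    return result


if __name__ == "__main__":
    # Constructed sample: two adapters and a list pushed by the CES.
    adapters = [("192.168.1.23", "255.255.255.0"), ("10.8.0.5", "255.255.0.0")]
    pushed = ["0.0.0.0/0", "172.16.5.0/24", "192.168.1.0/24"]
    for mode in (False, True):
        nets = expand_inverse_split(pushed, adapters, locally_connected_only=mode)
        print("locally connected" if mode else "inverse split",
              [str(n) for n in nets])
```

In the Locally Connected run the result is exactly the wildcard expansion, which is why the wildcard adds nothing beyond the first variant: every extra entry is either a duplicate or is dropped.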
Configuring the subnet wildcard
To configure the subnet wildcard:
1 Select Profiles > Groups > Edit > IPsec.
Figure 23 on page 61 shows the Edit > IPsec page with Inverse split tunneling.