Virtual IP addresses for VPN clients

You can use a Virtual Adapter to assign the VPN client an IP address in the VPN, independent of the address the VPN client computer uses in its local network.

The virtual IP address is only used in communications through the VPN tunnels. The VPN gateway gets the IP address and network settings of the Forcepoint VPN Client from an external DHCP server and forwards the information to the Forcepoint VPN Client. For one-way access without DNS resolution, the VPN gateway can alternatively be set up to apply NAT to translate the Forcepoint VPN Client connections. This NAT method is meant for testing purposes.

The VPN gateway specifies the destination IP addresses for traffic that the Forcepoint VPN Client sends into the VPN tunnel. The IP addresses are configured as Site elements for each gateway in the Management Client. When the Sites contain specific internal networks, the Forcepoint VPN Client receives a configuration for split tunneling. Split tunneling means that only the specified portion of traffic uses the VPN tunnel, and other connections use the local network as usual.

To use virtual IP addresses for VPN clients:
  • You must use an external DHCP server to assign the IP addresses.
  • The users must use a VPN client that has a Virtual Adapter feature. The Forcepoint VPN Client always has this feature installed and active.

Most DHCP servers allow a configuration in which a particular client computer is always assigned a particular IP address. For example, the DHCP server might assign the IP address based on the MAC address if VPN clients have fixed MAC addresses for their Virtual Adapters. By default, when the Forcepoint VPN Client virtual adapter requests an IP address, it uses the MAC address of the physical interface used in the VPN connection.
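
The following Python sketch is an added example, not part of the Forcepoint documentation. It audits a table of MAC-to-IP reservations before they are loaded into the DHCP server. The pool, host names, and addresses are constructed, and the check for locally administered MAC addresses assumes clients that use OS-level MAC randomization, which would make a reservation keyed on the physical interface unstable.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample data: the pool and every reservation are illustrative only.
VPN_POOL = ipaddress.ip_network("10.99.0.0/24")
RESERVATIONS = [
    ("alice-eth",  "00:00:5e:00:53:01", "10.99.0.10"),
    ("bob-eth",    "00:00:5e:00:53:02", "10.99.0.11"),
    ("carol-wifi", "da:a1:19:5c:02:7e", "10.99.0.12"),  # locally administered MAC
    ("dave-eth",   "00-00-5E-00-53-02", "10.99.0.13"),  # bob's MAC, other notation
    ("erin-eth",   "00:00:5e:00:53:05", "192.0.2.50"),  # not in the VPN pool
    ("frank-eth",  "00:00:5e:00:53:06", "10.99.0.10"),  # alice's IP address
]

def normalize_mac(mac):
    """Return the MAC as 12 lowercase hex digits, or raise ValueError."""
    digits = re.sub(r"[:.\-]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def is_locally_administered(mac):
    # Bit 0x02 of the first octet marks a locally administered address,
    # which is what MAC randomization on the physical interface produces.
    return bool(int(normalize_mac(mac)[:2], 16) & 0x02)

def audit(reservations, pool):
    """Return (finding, name-or-names) tuples for reservations that need review."""
    findings = []
    by_mac, by_ip = defaultdict(list), defaultdict(list)
    for name, mac, ip in reservations:
        addr = ipaddress.ip_address(ip)
        by_mac[normalize_mac(mac)].append(name)
        by_ip[addr].append(name)
        if addr not in pool:
            findings.append(("outside-pool", name))
        if is_locally_administered(mac):
            findings.append(("unstable-mac", name))
    for label, groups in (("duplicate-mac", by_mac), ("duplicate-ip", by_ip)):
        for names in groups.values():
            if len(names) > 1:
                findings.append((label, tuple(names)))
    return findings

if __name__ == "__main__":
    for finding in audit(RESERVATIONS, VPN_POOL):
        print(finding)
```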