Configuration Chapter 3:
Proxy ARP Configuration
Stunnel IP Pool
IP address pool specifies the number of IP addresses available to be assigned to each SSL
VPN client.The permissible format is to specify a valid IP address or a range of IP Addresses,
for example 10.10.10.2 or 10.10.10.2-100. Overlapping IP Address ranges are not supported.
Care must be taken to isolate the peer IP Address pool from the configured Server IP Address.
It is important to remember that every incoming session requires a unique IP Address to be
assigned from the IP Pool. If the numbers of addresses in the pool are not adequate, it imposes
a limitation on the max simultaneous Stunnel connections, irrespective of configured 'Max
Clients' parameter value. By default, this list is empty. If you have added some value in IP pool
range, it will only become effective after the next restart of Stunnel.
Note: Remove addresses from the DHCP server or servers on the LAN that will be used by
the VPN Concentrator’s address pool. The IP address pool must be part of the VPN LAN
subnet, and must not overlap with the pool used by the DHCP server on the same subnet.
18.104.22.168 SSL VPN Databases
The SSL VPN service makes use of the following databases:
•MAC Address Whitelist
•MAC Address Blacklist
Enable Stunnel Proxy ARP Proxy ARP is used to create a bridge between phones on the
LAN side and the phone connected through SSL VPN. The
VPN Concentrator uses its own MAC address to receive the
IP packets on behalf of all the remote phones and then routes
the IP packets to the remote phones.