Behind NAT: Do not select this check box.

External IP Address: When the Behind NAT check box is not selected, this option is disabled.

Listening IP Address: Specify the IP address that SSL VPN listens on. By default, both Enterprise mode as well as Kiosk mode listen on this IP address, but Kiosk Mode listens on the TCP protocol whereas the Enterprise Mode listens on the UDP protocol.

Private Address(es): Specifies the IP address of the private interface of the network card. If you have multiple private networks, specify the private IP addresses of the servers, separated by a comma.

Encryption Port: The port to encrypt traffic. The default encryption port is 7777.

Connection Manager Port: The port on which the connection manager listens to. The default port number is 2010.

OpenVPN Subnet Address: Specify the IP address for the OpenVPN subnet, which is used with the OpenVPN Subnet Mask field to define a pool of addresses that can be dynamically assigned to clients. This information is essential to provide Enterprise mode access.

OpenVPN Subnet Mask: Specify the mask for the OpenVPN subnet, which is used to define the address pool. This information is essential to provide Enterprise mode access.

OpenVPN Port: Specify the OpenVPN port number on which the OpenVPN service listens. This information is essential to provide Enterprise mode access.

OpenVPN Protocol: Specify the OpenVPN service protocol. The protocol can either be TCP or UDP. This information is essential to provide Enterprise mode access.

Provide Additional IP Address for OpenVPN: Select this check box if you want to provide an additional listening IP address for SSL VPN in the Enterprise mode. By default, both Kiosk mode as well as Enterprise mode listens on the same IP address and port 777, but use different protocols. If you want both the modes to listen on same the protocol and port, then you can select this check box provide an additional IP address for Enterprise mode to listen in the OpenVPN Listening IP Address field. This way, kiosk mode listens on the Listening IP Address that you have configured and Enterprise mode listens on the OpenVPN Listening IP Address, while using the same port and protocol.

OpenVPN Listening IP Address: This field is enabled if you select the Provide Additional IP Address for OpenVPN check box. Specify the additional IP address that the SSL VPN will listen on in the Enterprise mode.

OpenVPN NAT External IP Address: This field is not enabled if the servers are not behind NAT.

Inactivity Timeout (Minutes): Configure the time in minutes after which an idle connection should be closed. If no data exchange takes place during the stipulated time, the connection is closed. An inactive connection is closed after a stipulated time so that the resources are freed to allow additional incoming connections. The inactivity timeout period can be one minute to 1800 minutes. The default inactive timeout period is 30 minutes.

Encryption: Select the type of encryption. It can be either AES 128 or AES 256. AES 256 is the default and recommended encryption mode.

Debug Level: Set this option to On if you want more information in the log files. This option is set to Off by default. Setting the debug level to On helps the administrator in solving any issues with the SSL VPN.

Behind NAT: Select the check box to specify that the SSL VPN Gateway is behind NAT.

External IP Address: This field is enabled when the Behind NAT check box is selected. Specify the IP address by which the external user on the Internet can access the SSL VPN server.

OpenVPN NAT External IP Address: This field is enabled if you select the Behind NAT and Provide Additional IP Address for OpenVPN check boxes. Specify the external IP address, when the server is behind NAT in the Enterprise mode. This is an optional configuration and the SSL VPN operates in Enterprise mode as well as Kiosk mode, even if this additional IP address is not provided.