Citrix Systems 9000 Series User Manual

SSL VPN User’s Guide
Chapter 6
FAQs
Why does the SSL VPN need a Windows account with administrative privileges?
The SSL VPN browser plug-in inserts a new layer between the application and
the Windows kernel. This operation requires administrative privileges in a
Windows account.

Why does SSL VPN not work with MS Windows 9x?
The MS Windows 9x operating system does not support encryption/decryption
for SSL/SSPI, which is required for SSL VPN. If the plug-in detects that the
encryption library is not installed, it displays an error message page. Click
the hyperlink "Click Me" in the error message page to install the required
encryption library (dsclient.exe). Follow the instructions provided by the
software to install the encryption library, and reboot the machine after the
installation. The dsclient.exe encryption library is provided by Microsoft.

Does SSL VPN use a client side IP address?
Unlike the traditional IPSec VPN, the SSL VPN does not set an IP address on
the client machine. The plug-in uses the client machine's original IP address to
connect to the SSL VPN Web site. Whether the server sees the client IP address
depends on the configuration of the system. If USIP (use source IP) is enabled,
the server will see the client IP address. Otherwise the server will not see the
client IP address.

How does the SSL VPN browser plug-in make routing decisions?
The SSL VPN server forwards the static routing entries configured in the
system to the remote user's plug-in. The plug-in then intercepts connections
and tunnels them to the SSL VPN server only if the destination IP matches one
of the downloaded routing entries/subnets. If no match is found, the
connection is not tunneled and is routed to the remote client machine's
default router.
When split tunnel is set to OFF, all traffic is tunneled into the system.
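
The routing decision described above, sketched as an added example (not code from the product or this manual) that also lists which destinations would leave the client outside the tunnel. The function names, the sample routing entries, and the sample destination addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample of routing entries as the plug-in might receive them.
SAMPLE_ROUTES = ["10.0.0.0/8", "192.168.50.0/24"]


def parse_routes(entries):
    """Convert 'network/prefix' strings into ip_network objects."""
    return [ipaddress.ip_network(e, strict=False) for e in entries]


def routing_decision(dest_ip, routes, split_tunnel=True):
    """Decide how one connection is routed.

    Returns ("tunnel", reason) or ("default-router", reason).
    split_tunnel=False models "split tunnel OFF": everything is tunneled.
    """
    dest = ipaddress.ip_address(dest_ip)
    if not split_tunnel:
        return ("tunnel", "split tunnel OFF")
    for route in routes:
        # A destination matches when it falls inside a downloaded subnet.
        if dest.version == route.version and dest in route:
            return ("tunnel", f"matches {route}")
    return ("default-router", "no matching routing entry")


def untunneled(destinations, routes, split_tunnel=True):
    """Return the destinations that bypass the tunnel (useful for review)."""
    return [d for d in destinations
            if routing_decision(d, routes, split_tunnel)[0] != "tunnel"]


if __name__ == "__main__":
    routes = parse_routes(SAMPLE_ROUTES)
    # Constructed destinations: two internal, one public (documentation range).
    dests = ["10.1.2.3", "192.168.50.7", "203.0.113.10"]
    for d in dests:
        print(d, routing_decision(d, routes))
    print("bypass with split tunnel ON :", untunneled(dests, routes, True))
    print("bypass with split tunnel OFF:", untunneled(dests, routes, False))
```

With split tunnel ON, any destination outside the downloaded entries travels over the client's local network unprotected by the VPN, which is the set `untunneled` reports.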