The Remote Access Service (RAS) uses Destinations to define which network resources can be accessed by VPN users and for split tunneling.


What are Destinations?


A destination is a custom-named IP network resource (one or more) that the RAS service administrator defines. Each destination has a name and a network destination, which is the actual network resource(s). The table below lists the possibilities.


| Name (user defined) | Network Destination (user defined) | Description |
|---|---|---|
| My Internal Network | 192.168.1.0/24 | An entire subnet |
| My Host | 192.168.1.123 | A specific host |
| My Host on port 8080 | 192.168.1.123:8080 | A specific host but only port 8080 |
| My Network on port 8080 | 192.168.1.0/24:8080 | An entire subnet but only port 8080 |
| All Hosts on port 22 | *:22 | All hosts, only port 22 |
| My Internal Networks | 192.168.1.0/24, 192.168.2.0/24 | Multiple subnets |
| My Internal Networks on ports 80 and 443 | 192.168.1.0/24:80, 192.168.1.0/24:443 | An entire subnet but only ports |



Create Destinations


Destinations are needed when you

  • configure the RAS service and want to route only specific subnet(s) through the VPN tunnel - split tunneling
  • configure access control lists (ACL) for VPN users


When configuring the RAS service to route only a specific subnet through the VPN tunnel:

  • On the Remote Access Service Settings page, under Route via VPN tunnel, choose the option Specific Destinations. A new section is displayed, with an Add new link and a dropdown that allows selecting destinations.
  • Clicking Add new opens a window that allows configuring destinations.
    Enter the Name and Network Destination. Click Add to add the destination to the list. Click Save when you are done; you will be returned to the previous page.

  • Select the destination to route through the VPN tunnel from the list and click Save.


When enabling VPN for users, you can choose to limit their access to specific destinations.

  • On the Remote Access page, select the Destinations tab of your RAS server.
  • Click Edit to manage Destinations.
  • Add Destinations according to your needs. Click Save when you are done.
  • Click the ACL tab, then choose Grant Access to add a new VPN user.
  • Select the user to whom you wish to grant access and choose Access type: Restricted to the following destinations. Select the destinations to which the user should have access. Click Save to finish.
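
One way to review what a Network Destination value covers before using it for split tunneling or in an ACL, as an added example (not code from the product). It assumes IPv4 only, the syntax forms listed in the table above, and that an entry without a port means all ports; the function names are hypothetical.

```python
import ipaddress

def parse_entry(entry):
    """Parse one entry such as '192.168.1.0/24:8080' or '*:22' into (network, port).

    network is None for '*' (all hosts); port is None when no port is given."""
    entry = entry.strip()
    host, sep, port = entry.rpartition(":")
    if not sep:                       # no ':' means host or subnet, any port
        host, port = entry, None
    else:
        port = int(port)
        if not 1 <= port <= 65535:
            raise ValueError(f"port out of range in {entry!r}")
    if host == "*":
        return None, port
    # Choice made by this example: strict=True flags entries such as
    # 192.168.1.5/24 (host bits set) as likely typos.
    return ipaddress.ip_network(host, strict=True), port

def parse_destination(value):
    """Split a comma-separated Network Destination into parsed entries."""
    return [parse_entry(e) for e in value.split(",") if e.strip()]

def covers(value, ip, port):
    """True if the destination covers a connection to ip:port."""
    addr = ipaddress.ip_address(ip)
    for network, dport in parse_destination(value):
        if (network is None or addr in network) and dport in (None, port):
            return True
    return False

if __name__ == "__main__":
    # Destination values taken from the table; the probe connections are constructed.
    probes = [
        ("192.168.1.0/24", "192.168.1.77", 3389),
        ("192.168.1.123:8080", "192.168.1.123", 22),
        ("*:22", "10.9.8.7", 22),
        ("192.168.1.0/24:80, 192.168.1.0/24:443", "192.168.1.5", 443),
    ]
    for value, ip, port in probes:
        print(f"{value!r:45} {ip}:{port} -> {covers(value, ip, port)}")
```

A destination such as `*:22` matches every host, so checking a few addresses outside the intended subnets shows quickly whether a restricted user's list is broader than planned.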