Tunnel-type 2.0 client-access application

Multiple destination definitions can be combined into a single tunnel-type client-access application to simplify maintenance and to help avoid errors. You may have users who access different types of applications on their computers. With tunnel 2.0, you can configure a single tunnel-type client-access application and add many client applications.
This saves time needed to configure individual TCP-type client-access applications for each client application or an individual tunnel-type client-access application for each domain. The application pooled tunnel-type client-access application can be used for accessing print servers on private IP addresses and also access domain-based applications (having FQDN) using either TCP, UDP, or both protocols, on specific port or port ranges. Each tunnel 2.0 client application allows these parameters in each destination:

  • Different traffic protocols. TCP, UDP, or both types.

  • Domain names, host names or FQDN. Specific domains or wildcard domains.

  • IP addresses. Specific IP4 addresses with or without subnets.

  • Ports. Specify ports, port-ranges or both.

You can also have multiple destination definitions in a single tunnel-type client-access application to simplify maintenance. For example, in the tunnel-type client-access application, you can have the following five different applications located at different destinations.

tunnel exampletunnel example

Enterprise Application Access Cloud only filters this type of traffic to reach the connector to be rerouted to the data center. Any other types of traffic is blocked in the Enterprise Application Access Cloud.

DestinationProtocol (Traffic type)IP or URL (Domain Name/Host Name/IP)Port (port/port range)Description
1tcp://*.benefits.com1024Allows TCP-type traffic on port 1024 for benefits.com and other subdomains below it. *.benefits.com is a wildcard application since it allows all subdomains under a specific domain benefits.com.
2tcp://abc.com80Allows TCP-type traffic on port 80 for abc.com and no other subdomains below it.
3tcp:// TCP-type traffic on port and subnets /24 on port 80 (CIDR notation).
4udp:// UDP-type traffic on port on port ranges 1024-2048.
5all*.yourcompany.com1-65535Both TCP- and UDP-type traffic on yourcompany.com and subdomains, on all port ranges. This is a wildcard application since it allows all types of traffic, on all ports, and all subdomains under a specific domain yourcompany.com.

Your users can, for example, access destination 1 for benefits, destination 2 for getting news, destination 3 for a print server, destination 4 for a mail server, and destination 5 for all websites hosted under yourcompany.com.
With this single tunnel-type client-access application configuration - if all these conditions are satisfied - Enterprise Application Access Cloud does not block the traffic. Users can securely access all five applications on the different application servers in the data centers.
You can still block some of the subdomains for wildcard application with domain exception lists in advanced settings of application configuration.


For the application pooling capability in tunnel-type 2.0 client-access applications, upgrade your client to a recommended EAA Client 2.0.0 version (or higher).