
Device Tunnel - explicit routes

a guest
Jun 24th, 2021
  1. <VPNProfile>
  2.     <NativeProfile>
  3.         <Servers>public.vpn.server</Servers>
  4.         <!-- Device tunnel profile: IKEv2 with machine-certificate authentication (DeviceTunnel and AlwaysOn are set near the end of the profile) -->
  5.         <NativeProtocolType>IKEv2</NativeProtocolType>
  6.         <!-- MachineMethod=Certificate: the device authenticates with a machine certificate rather than user credentials. NOTE(review): confirm the VPN server restricts which issuing CA it accepts for IKEv2 machine certificates -->
  7.         <Authentication>
  8.             <MachineMethod>Certificate</MachineMethod>
  9.         </Authentication>
  10.         <!-- Custom IKEv2 policy: AES-256 and SHA-256 with 2048-bit Diffie-Hellman (Group14) and 2048-bit PFS. NOTE(review): the VPN server presumably needs the identical suite configured or negotiation fails; verify against the server policy -->
  11.         <CryptographySuite>
  12.             <AuthenticationTransformConstants>SHA256128</AuthenticationTransformConstants>
  13.             <CipherTransformConstants>AES256</CipherTransformConstants>
  14.             <DHGroup>Group14</DHGroup>
  15.             <EncryptionMethod>AES256</EncryptionMethod>
  16.             <IntegrityCheckMethod>SHA256</IntegrityCheckMethod>
  17.             <PfsGroup>PFS2048</PfsGroup>
  18.         </CryptographySuite>
  19.         <!-- SplitTunnel: only the routes listed below are sent through the tunnel; all other traffic stays on the local network -->
  20.         <RoutingPolicyType>SplitTunnel</RoutingPolicyType>
  21.        
  22.         <!-- Disable the class-based route that would otherwise be added for the assigned IP address on the VPN interface, so only the explicit routes below apply -->
  23.         <DisableClassBasedDefaultRoute>true</DisableClassBasedDefaultRoute>
  24.     </NativeProfile>
  25.    
  26. <!-- Routing: host routes (/32) are recommended, one per server the device tunnel needs to reach -->
  27.     <!-- DNS Server -->
  28.     <Route>
  29.         <Address>10.50.56.33</Address>
  30.         <PrefixSize>32</PrefixSize>
  31.     </Route>
  32.     <Route>
  33.         <Address>10.50.56.34</Address>
  34.         <PrefixSize>32</PrefixSize>
  35.     </Route>
  36.     <!-- Domain Controller. NOTE(review): 100.10.2.13, 100.10.2.14 and 100.20.2.13 lie outside the RFC 1918 private ranges and outside 100.64.0.0/10; confirm these are the intended internal hosts -->
  37.     <Route>
  38.         <Address>100.10.2.13</Address>
  39.         <PrefixSize>32</PrefixSize>
  40.     </Route>
  41.     <Route>
  42.         <Address>100.10.2.14</Address>
  43.         <PrefixSize>32</PrefixSize>
  44.     </Route>
  45.     <Route>
  46.         <Address>10.50.57.13</Address>
  47.         <PrefixSize>32</PrefixSize>
  48.     </Route>
  49.     <Route>
  50.         <Address>100.20.2.13</Address>
  51.         <PrefixSize>32</PrefixSize>
  52.     </Route>
  53.     <!-- DFS Server -->
  54.     <Route>
  55.         <Address>10.50.60.53</Address>
  56.         <PrefixSize>32</PrefixSize>
  57.     </Route>
  58.     <Route>
  59.         <Address>10.50.60.54</Address>
  60.         <PrefixSize>32</PrefixSize>
  61.     </Route>
  62.     <!-- Fileserver -->
  63.     <Route>
  64.         <Address>10.50.60.67</Address>
  65.         <PrefixSize>32</PrefixSize>
  66.     </Route>
  67.     <Route>
  68.         <Address>10.50.60.68</Address>
  69.         <PrefixSize>32</PrefixSize>
  70.     </Route>
  71.     <Route>
  72.         <Address>10.50.60.69</Address>
  73.         <PrefixSize>32</PrefixSize>
  74.     </Route>
  75.     <!-- Baramundi -->
  76.     <Route>
  77.         <Address>10.50.60.88</Address>
  78.         <PrefixSize>32</PrefixSize>
  79.     </Route>
  80.     <!-- WSUS -->
  81.     <Route>
  82.         <Address>10.50.60.126</Address>
  83.         <PrefixSize>32</PrefixSize>
  84.     </Route>
  85.     <!-- ESET -->
  86.     <Route>
  87.         <Address>10.50.63.72</Address>
  88.         <PrefixSize>32</PrefixSize>
  89.     </Route>
  90.     <!-- WPAD / EMSL -->
  91.     <Route>
  92.         <Address>10.50.63.45</Address>
  93.         <PrefixSize>32</PrefixSize>
  94.     </Route>
  95.     <!-- SUB CA -->
  96.     <Route>
  97.         <Address>10.50.60.47</Address>
  98.         <PrefixSize>32</PrefixSize>
  99.     </Route>
  100. <!-- Traffic filters for the routes specified above so that only this traffic can go over the device tunnel. NOTE(review): currently commented out, so the tunnel is limited by the host routes only. The list covers 8 of the 16 routed addresses (DNS, DFS, file servers and SUB CA are missing), and per Microsoft's device tunnel guidance enabling traffic filters blocks inbound (manage-out) connections; confirm before re-enabling.
  101.     <TrafficFilter>
  102.         <RemoteAddressRanges>100.10.2.13,100.10.2.14,10.50.57.13,100.20.2.13,10.50.60.88,10.50.60.126,10.50.63.72,10.50.63.45</RemoteAddressRanges>
  103.     </TrafficFilter> -->
  104. <!-- AlwaysOn must be set to true for a device tunnel -->
  105.     <AlwaysOn>true</AlwaysOn>
  106. <!-- node that marks this profile as a device tunnel -->
  107.     <DeviceTunnel>true</DeviceTunnel>
  108. <!-- node that registers the client's VPN IP address in DNS so that internal systems can reach the client (manage out) -->
  109.     <RegisterDNS>true</RegisterDNS>
  110.  <!-- inside/outside detection: the tunnel is not connected while the active network's DNS suffix matches this value. NOTE(review): detection relies on the DNS suffix only; confirm the suffix is not assigned on networks outside the organisation -->
  111.     <TrustedNetworkDetection>network.local</TrustedNetworkDetection>
  112. </VPNProfile>