The Internet Only option is used to specify that all devices on the network have access only to the Internet, without VPN access. This is accomplished using policy routing statements within the AT&T VPN Gateway. Dynamic routing protocols that are run through the tunnel to advertise the VPN Gateway local networks will not include reference to any networks which have the Internet Only option specified. The Internet Only option can be set through the AT&T Administration Server configuration for Local LAN Aliases, Cascaded Networks, and for VLANs.

The VPN Only option is used to specify that all devices on the network have access only to the VPN, with no Internet access. The VPN Only option can be set through the AT&T Administration Server configuration for VLANs. If a Cascaded Network is attached to a VPN Only configured VLAN, the Cascaded Network will have VPN Only access unless the Internet Only option is set for the Cascaded Network in the AT&T Administration Server. If set, the Internet Only option will take precedence and a Cascaded Network configured as Internet Only attached to a VLAN configured as VPN Only will have access limited to the Internet.

The Maintenance Only option provides the ability to reach any of the VPN Gateway interface addresses and any other hosts in the Maintenance only VLAN, but no other network addresses. The restriction includes other VLANs, Cascaded networks, Aliases, the Internet, and the VPN tunnel. Dynamic routing protocols that are run through the tunnel to advertise the VPN Gateway local networks will not include reference to any Maintenance Only VLANs.