2.7.4. Inband destination selection

Inband destination selection allows you to create a single connection policy and still let users access any server: users include the name of the target server in their username (for example, ssh username@targetserver:port@scb_address). PSM extracts the address from the username and directs the connection to the target server.

Figure 2.11. Inband destination selection


Since some client applications do not permit the @ and : characters in the username, alternative characters can be used as well:

  • To separate the username and the target server, use the @ or % characters, for example: username%targetserver@scb_address

  • To separate the target server and the port number, use the :, +, or / characters, for example: username%targetserver+port@scb_address

You can use both IPv4 and IPv6 addresses with inband destination selection. For IPv6 addresses, add square brackets to separate the address and the port number:


When Network Level Authentication (NLA) is disabled, you can omit the username when starting an RDP connection (for example, use only %targetserver). The user can type the username later in the graphical login screen. However, the username must be specified if Network Level Authentication (NLA) is used in the connection.
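The following parser is an added example, not code from the product: it splits the username field into username, target server and port using the separators listed above, which is useful when validating or auditing the destinations users request. The names parse_inband and Destination are hypothetical; splitting at the last username separator and the [address]:port bracket form are assumptions.

```python
import ipaddress
from typing import NamedTuple, Optional

USER_SEPS = "@%"    # username / target server separators from the list above
PORT_SEPS = ":+/"   # target server / port separators from the list above

class Destination(NamedTuple):
    username: str         # empty when omitted (RDP without NLA)
    host: str
    port: Optional[int]   # None when the login string names no port

def _last_sep(text: str, seps: str) -> int:
    """Index of the last separator that is not inside [...], or -1."""
    depth, found = 0, -1
    for i, ch in enumerate(text):
        if ch in "[]":
            depth += 1 if ch == "[" else -1
        elif depth == 0 and ch in seps:
            found = i
    return found

def parse_inband(login: str) -> Destination:
    """Split 'username<sep>targetserver[<sep>port]' as received by the gateway."""
    cut = _last_sep(login, USER_SEPS)   # assumption: split at the last separator
    if cut < 0:
        raise ValueError("no target server in username")
    username, target = login[:cut], login[cut + 1:]
    if target.startswith("["):
        # Assumed bracket form: [ipv6-address], optionally followed by sep + port.
        host, closing, rest = target[1:].partition("]")
        if not closing or (rest and rest[0] not in PORT_SEPS):
            raise ValueError("malformed bracketed address")
        ipaddress.IPv6Address(host)      # ValueError if not a valid IPv6 address
        port_text = rest[1:] if rest else None
    else:
        cut = _last_sep(target, PORT_SEPS)
        host = target if cut < 0 else target[:cut]
        port_text = None if cut < 0 else target[cut + 1:]
        if any(c in PORT_SEPS for c in host):
            # e.g. an unbracketed IPv6 address: address and port cannot be told apart
            raise ValueError("ambiguous target: put IPv6 addresses in brackets")
    if not host:
        raise ValueError("empty target server")
    if port_text is None:
        return Destination(username, host, None)
    if not (port_text.isascii() and port_text.isdigit() and 1 <= int(port_text) <= 65535):
        raise ValueError("invalid port")
    return Destination(username, host, int(port_text))
```

An unbracketed IPv6 address is rejected rather than guessed at, because its last colon cannot be distinguished from a port separator.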

For other details on inband destination selection in RDP connections, see Section 10.9, Inband destination selection in RDP connections.

You can find examples of using inband destination selection in Section 22.3, Using inband destination selection in SSH connections.