USG 1000 Restricting access through a site to site tunnel
Hi,
Our central office has a USG1000 with several site-to-site IPsec tunnels coming from our remote divisions. The local network on our end is "wide open" to our divisions. No issue there. We will be doing business with a 3rd party who also wants a site-to-site tunnel to the central office. We only want this 3rd party to have access to 2 machines with a specific port number. As traffic comes through the tunnel from the remote 3rd party, how do we restrict them to the 2 machines? Any help would be appreciated as we have never restricted a tunnel before and it is a bit over my head.
Thanks!
Comments
I think a rule in Policy Route will help you: in Source, specify the remote subnet of the new client; in Destination, specify a group of the PCs you need from your network; in Service, the necessary ports; and for NH, the VPN tunnel.
@CaptSQL
I would like to confirm the below information.
1. Do you want the PCs behind the third-party device to be able to access only the servers on a specific port, and are the servers in the local policy?
2. Is your topology like this:
Servers----USG1000---VPN connection---3rd party----PCs
If yes, you need to set the configuration as below:
First rule
Second rule
Charlie