VPN access through IPSec VPN client to a specific address using username/password on ATP200.
Hi all,
I need to let a customer connect to a specific server with a static address inside my network, and not permit any other access inside the network.
The client will be the Zywall IPSec VPN client, and my firewall/router is the ATP200.
Could you please tell me if this configuration is possible, and if yes, how I can obtain it?
Thanks in advance
Matteo
All Replies
- 
            
If the client needs a static IP, this will be set in their VPN client settings, which should be an IP at the end of the IP pool of the VPN server.
If the client uses a user name, you can limit access by policy control with a rule to the server, then a block rule for that user for everything else.
0 - 
            
Hi Peter,
thank you for your response.
I tried to follow your suggestion and these are the rules I set:
The allow policy for the destination server and the user x, and the deny rule for all the rest and for the user x only.
Is this OK?
My concern is related to the second rule: it should be applied only to user X, correct? It doesn't impact any other operations within the network, right? Thank you in advance.
0 - 
            
Yes, looks fine, and it should only apply to the given user.
The allow rule is for that user to the server, but for a tighter rule, do it from the VPN zone to the LAN zone.
0 - 
            
So the request is that only the IPSec VPN client can access the server in the local network. You would need two rules; here is my suggestion.
#1 allow ipsec vpn client to access the server
From: IPSec
To: any
Source: any
Destination: WindowsDS
Action: allow

#2 block everyone to access the server
From: any
To: any
Source: any
Destination: WindowsDS
Action: deny
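
The two rule pairs proposed in this thread, modelled as an added example that is not part of any reply and is not Zyxel code or configuration syntax. It assumes rules are evaluated top-down with the first match winning, uses a catch-all allow rule as a stand-in for the policies already on the firewall, and keeps only the From zone, user and Destination fields; "alice" and "FileSrv" are made-up names.

```python
from dataclasses import dataclass

ANY = "any"

@dataclass(frozen=True)
class Rule:
    from_zone: str
    user: str
    destination: str
    action: str  # "allow" or "deny"

    def matches(self, pkt: dict) -> bool:
        # "any" in a rule field matches every value of that field.
        return all(getattr(self, k) in (ANY, pkt[k])
                   for k in ("from_zone", "user", "destination"))

def decide(rules, pkt, default="deny"):
    """Assumed semantics: top-down, the first matching rule wins."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default

# Stand-in for the policies already on the firewall (assumption).
EXISTING = [Rule(ANY, ANY, ANY, "allow")]

# User-based pair from the thread: allow x to the server, deny x the rest.
USER_BASED = [Rule(ANY, "x", "WindowsDS", "allow"),
              Rule(ANY, "x", ANY, "deny")] + EXISTING

# Zone-based pair from the last reply: only IPSec may reach the server.
ZONE_BASED = [Rule("IPSec", ANY, "WindowsDS", "allow"),
              Rule(ANY, ANY, "WindowsDS", "deny")] + EXISTING

def pkt(from_zone, user, destination):
    return {"from_zone": from_zone, "user": user, "destination": destination}

# Constructed test traffic, not captured from a real device.
CASES = {
    "x -> server":     pkt("IPSec", "x", "WindowsDS"),
    "x -> other host": pkt("IPSec", "x", "FileSrv"),
    "alice -> other":  pkt("LAN", "alice", "FileSrv"),
    "alice -> server": pkt("LAN", "alice", "WindowsDS"),
}

def audit(rules):
    """Decision for every constructed case under the given rule list."""
    return {name: decide(rules, p) for name, p in CASES.items()}

if __name__ == "__main__":
    swapped = [USER_BASED[1], USER_BASED[0]] + EXISTING
    for label, rules in (("user-based", USER_BASED),
                         ("zone-based", ZONE_BASED),
                         ("user-based, order swapped", swapped)):
        print(label, audit(rules))
```

Under these assumptions the user-based pair leaves other users untouched, while the zone-based pair leaves the VPN client's traffic to other hosts to whatever rules follow it; placing the deny rule first blocks user x from the server as well.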
