VPN access through IPSec VPN client to a specific address using username/password on ATP200.

mat73cor

Hi all,

I need to let a customer connect to a specific server with a static address inside my network, and to not permit any other access inside the network.
The client will be Zywall IPSec VPN client and my Firewall/router is the ATP200.

Could you please tell me if this configuration is possible, and if yes, how I can obtain it?

Thanks in advance

Matteo

All Replies

  • PeterUK

    If the client needs a static IP, this will be set in their VPN client setting, which should be an IP at the end of the IP pool of the VPN server.

    If the client uses a user name, you can limit by policy control with a rule to the server, then a block rule for that user for everything else.

  • mat73cor

    Hi Peter,
    thank you for your response.

    I tried to follow your suggestion and these are the rules I set:

    The allow policy for the destination server and the user x, and the deny rule for all the rest and for the user x only.
    Is this ok?
    My concern is related to the second rule, it should be applied only to user X, correct? It doesn't impact any other operations within the network, right? Thank you in advance

  • PeterUK
    edited March 7

    Yes, looks fine and should only apply to the given user.

    The allow rule is for that user to the server, but for a tighter rule do from VPN zone to the LAN zone.

  • Zyxel_James

    So the request is that only the IPSec VPN client can access the server in the local network. You would need two rules, here is my suggestion.

    #1 allow ipsec vpn client to access the server
    From: IPSec
    To: any
    Source: any
    Destination: WindowsDS
    Action: allow

    #2 block everyone to access the server
    From: any
    To: any
    Source: any
    Destination: WindowsDS
    Action: deny
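
Added example, not part of the thread and not Zyxel code: a small first-match evaluator run over the two rule pairs suggested in the replies, assuming policy rules are checked top-down and the first match decides. The user name `userx`, the address 192.0.2.10 standing in for the WindowsDS object, and the rule names are constructed for illustration.

```python
# Added illustration (not from the thread): first-match evaluation of the rule pairs.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY = "any"
SERVER = "192.0.2.10/32"  # constructed address standing in for the WindowsDS object

@dataclass(frozen=True)
class Rule:
    name: str
    from_zone: str
    to_zone: str
    user: str
    dest: str    # "any" or a CIDR
    action: str  # "allow" or "deny"

    def matches(self, p):
        return (self.from_zone in (ANY, p["from"])
                and self.to_zone in (ANY, p["to"])
                and self.user in (ANY, p["user"])
                and (self.dest == ANY
                     or ip_address(p["dst"]) in ip_network(self.dest)))

def evaluate(rules, p):
    """Return (rule name, action) for the first matching rule, top-down."""
    for rule in rules:
        if rule.matches(p):
            return rule.name, rule.action
    return None, "default"  # no match: later rules / device default decide

def pkt(from_zone, to_zone, user, dst):
    return {"from": from_zone, "to": to_zone, "user": user, "dst": dst}

# Per-user pair: allow the user to the server, then deny that user everything else.
PER_USER = [
    Rule("allow-userx-server", "IPSec", "LAN", "userx", SERVER, "allow"),
    Rule("deny-userx-rest", ANY, ANY, "userx", ANY, "deny"),
]
# Per-destination pair: allow IPSec to the server, then deny everyone to the server.
PER_DEST = [
    Rule("allow-ipsec-server", "IPSec", ANY, ANY, SERVER, "allow"),
    Rule("deny-any-server", ANY, ANY, ANY, SERVER, "deny"),
]

if __name__ == "__main__":
    for label, rules in (("per-user", PER_USER), ("per-destination", PER_DEST)):
        for p in (pkt("IPSec", "LAN", "userx", "192.0.2.10"),
                  pkt("IPSec", "LAN", "userx", "192.0.2.20"),
                  pkt("LAN", "LAN", "staff", "192.0.2.10")):
            print(label, p, evaluate(rules, p))
```

A result of `default` means neither rule in the pair matched, so that traffic is decided by whatever rules follow on the device; swapping the order of the per-user pair makes the deny rule match first.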
