Restrict access to specific VLAN - Windows inbuilt client

DOK

Hi!
I've successfully managed to set up an IPsec/IKEv2 VPN using the Windows 10 native client following this guide:

https://support.zyxel.eu/hc/it/articles/4439075779090-VPN-Configurare-IKEv2-IPSec-con-certificato-su-Android-iPhone-iOS-Windows-MacOS

Now I'd like to restrict the landing subnets for VPN clients. I've tried to change the "local policy" (in VPN - IPSec VPN - VPN Connection - Edit - Local policy) to the subnet of the specific VLAN I'd like to give the clients access to. It works: once connected, a client can ping and reach the whole selected VLAN and cannot reach anything else, but it also can't reach the internet anymore. What should I change to make the clients reach a specific VLAN and also the internet?

All Replies

  • PeterUK

    Set local policy to 0.0.0.0

    Use control policy to restrict VPN zone to VLAN and WAN
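
The following is an added illustration, not part of PeterUK's reply and not Zyxel configuration: a Python model of the two checks the thread is about, the tunnel's local policy first and the zone-based control policy second. The subnets, zone names, first-match rule order with default deny, and the assumption that the client sends all of its traffic into the tunnel are constructed for the example.

```python
import ipaddress

# Constructed addressing plan (assumption, not taken from the thread).
ZONES = {
    "VLAN10": ipaddress.ip_network("192.168.10.0/24"),  # VLAN the clients may use
    "LAN1": ipaddress.ip_network("192.168.1.0/24"),     # must stay unreachable
}

def zone_of(dst):
    """Map a destination to its zone; anything not internal counts as WAN."""
    addr = ipaddress.ip_address(dst)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "WAN"

def reachable(dst, local_policy, rules):
    """Return (allowed, reason) for a packet a VPN client sends to dst."""
    # Stage 1: the tunnel's local policy decides what the tunnel carries at all.
    if ipaddress.ip_address(dst) not in ipaddress.ip_network(local_policy):
        return False, "outside local policy"
    # Stage 2: first matching rule from the VPN zone wins, default deny.
    to_zone = zone_of(dst)
    for rule_to, action in rules:
        if rule_to in (to_zone, "any"):
            return action == "allow", f"policy {action} to {to_zone}"
    return False, "default deny"

# Setup from the question: local policy narrowed to the VLAN subnet.
NARROW = ("192.168.10.0/24", [("any", "allow")])
# Setup from the reply: local policy 0.0.0.0, control policy limits the VPN zone.
SUGGESTED = ("0.0.0.0/0", [("VLAN10", "allow"), ("WAN", "allow"), ("any", "deny")])

def audit(config):
    """Check one host per destination class (constructed sample addresses)."""
    local_policy, rules = config
    targets = {"vlan_host": "192.168.10.20", "other_lan": "192.168.1.20",
               "internet": "203.0.113.10"}
    return {k: reachable(v, local_policy, rules)[0] for k, v in targets.items()}

if __name__ == "__main__":
    print("narrow   ", audit(NARROW))
    print("suggested", audit(SUGGESTED))
```

In the model, the restriction moves from the tunnel definition to the rule list, so the explicit deny for the remaining internal zones is what keeps the other LAN unreachable once the local policy is opened up.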
