VPN access through IPSec VPN client to a specific address using username/password on ATP200.
Hi all,
I need to let a customer connect to a specific server with a static address inside my network, and not permit any other access inside the network.
The client will be the Zywall IPSec VPN client and my firewall/router is the ATP200.
Could you please tell me if this configuration is possible, and if yes, how I can obtain it?
Thanks in advance
Matteo
All Replies
If the client needs a static IP, this will be set in their VPN client settings, which should be an IP at the end of the IP pool of the VPN server.
If the client uses a user name, you can limit by policy control with a rule to the server, then a block rule for that user for everything else.

Hi Peter,
thank you for your response.
I tried to follow your suggestion and these are the rules I set:
The allow policy for the destination server and the user x, and the deny rule for all the rest and for the user x only.
Is this OK?
My concern is related to the second rule: it should be applied only to user X, correct? It doesn't impact any other operations within the network, right? Thank you in advance.

Yes, looks fine, and it should only apply to the given user.
The allow rule is for that user to the server, but for a tighter rule do it from the VPN zone to the LAN zone.

So the request is that only the IPSec VPN client can access the server in the local network. You would need two rules, here is my suggestion.

#1 allow ipsec vpn client to access the server
From: IPSec
To: any
Source: any
Destination: WindowsDS
Action: allow

#2 block everyone to access the server
From: any
To: any
Source: any
Destination: WindowsDS
Action: deny
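
The allow-then-deny pattern discussed in this thread, modelled as an added example (not part of any post and not Zyxel's code) so the rule order and the per-user scope can be checked before touching the firewall. It assumes policies are evaluated top-down with the first match winning and a default of deny; the zone names, user names and addresses are constructed.

```python
from dataclasses import dataclass

ANY = "any"
SERVER = "192.168.1.10"          # constructed address standing in for the server

@dataclass(frozen=True)
class Rule:
    name: str
    from_zone: str
    to_zone: str
    user: str
    destination: str
    action: str                  # "allow" or "deny"

@dataclass(frozen=True)
class Flow:
    from_zone: str
    to_zone: str
    user: str
    destination: str

def evaluate(rules, flow, default="deny"):
    """Return (action, rule name) of the first rule matching the flow, top-down."""
    for r in rules:
        pairs = [(r.from_zone, flow.from_zone), (r.to_zone, flow.to_zone),
                 (r.user, flow.user), (r.destination, flow.destination)]
        if all(want in (ANY, got) for want, got in pairs):
            return r.action, r.name
    return default, "default"

# Constructed rule set: per-user allow, per-user deny, then an unrelated LAN rule.
RULES = [
    Rule("allow-x-to-server", "IPSec_VPN", "LAN1", "customer_x", SERVER, "allow"),
    Rule("deny-x-everything-else", ANY, ANY, "customer_x", ANY, "deny"),
    Rule("lan-outgoing", "LAN1", ANY, ANY, ANY, "allow"),
]

def check(rules):
    """Evaluate the flows the thread cares about against a rule list."""
    flows = {
        "x_to_server": Flow("IPSec_VPN", "LAN1", "customer_x", SERVER),
        "x_to_other_host": Flow("IPSec_VPN", "LAN1", "customer_x", "192.168.1.20"),
        "lan_user_out": Flow("LAN1", "WAN", "alice", "203.0.113.5"),
    }
    return {label: evaluate(rules, f) for label, f in flows.items()}

if __name__ == "__main__":
    for label, result in check(RULES).items():
        print(label, result)
    # Swapping the first two rules shows why the allow must sit above the deny.
    print(check([RULES[1], RULES[0], RULES[2]])["x_to_server"])
```

With the deny rule placed above the allow rule, the same user is blocked from the server as well, so the order of the two rules is part of the configuration.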