This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

VPN User DMZ Access Question

I have a VPN user (authenticating via the Astaro SSL client) who I wish to give full access to all services on my DMZ (10.0.0.x)

He needs to FTP, SFTP, SSH, HTTP, HTTPS, etc. so I'd rather just give him trusted access to all services within the DMZ only.

How would I do this?

My DMZ network: 10.0.0.x
VPN user receives an IP of: 10.242.2.6
My LAN (not DMZ): 192.x.x.x

Assuming that he will only have FTP, SFTP, SSH, etc. access when LOGGED-IN (not externally), I guess a Packet Filter rule (no DNAT rule) is all I need?

Some guidance is much appreciated! Thanks

This thread was automatically locked due to age.

Parents

0 BAlfson over 15 years ago

The "standard" approach would be to add "DMZ (Network)" to 'Local networks' in the SSL Remote Access configuration. If it's there already, then there's a different problem.

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel
0 Jack Daniel over 15 years ago in reply to BAlfson

As Bob said, adding the DMZ to the allowed networks (and selecting automatic packet filter rules) is the common approach. To limit access, you would need packet filter rules like those you listed, and make sure the "automatic packet filter rules" checkbox is not checked.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Jack Daniel over 15 years ago in reply to BAlfson

As Bob said, adding the DMZ to the allowed networks (and selecting automatic packet filter rules) is the common approach. To limit access, you would need packet filter rules like those you listed, and make sure the "automatic packet filter rules" checkbox is not checked.
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data