Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 14 replies
  • Subscribers 3 subscribers
  • Views 2266 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

VPN User DMZ Access Question

Dakrisht
I have a VPN user (authenticating via the Astaro SSL client) who I wish to give full access to all services on my DMZ (10.0.0.x)

He needs to FTP, SFTP, SSH, HTTP, HTTPS, etc. so I'd rather just give him trusted access to all services within the DMZ only.

How would I do this?

My DMZ network: 10.0.0.x
VPN user receives an IP of: 10.242.2.6
My LAN (not DMZ): 192.x.x.x

Assuming that he will only have FTP, SFTP, SSH, etc. access when LOGGED-IN (not externally), I guess a Packet Filter rule (no DNAT rule) is all I need?

Some guidance is much appreciated! Thanks


This thread was automatically locked due to age.
Parents
  • 0
    Hi Jack, why would either DNAT or Masq be needed?

    Dakrisht, you have 'auto packet filter' on the VPN, or you've got this rule enabled, right?

    Source: VPN Pool (SSL)
    Service: Any
    Destination: DMZ (Network)
    Action: Allow

    The IPs of your VPN pool don't conflict with your DMZ, right?

    Barry
Reply
  • 0
    Hi Jack, why would either DNAT or Masq be needed?

    Dakrisht, you have 'auto packet filter' on the VPN, or you've got this rule enabled, right?

    Source: VPN Pool (SSL)
    Service: Any
    Destination: DMZ (Network)
    Action: Allow

    The IPs of your VPN pool don't conflict with your DMZ, right?

    Barry
Children
  • 0 in reply to BarryG
    Hi Barry, I was afraid someone would ask that.  I have found that sometimes VPN traffic only works reliably when it is NAT'd into the local segment.  Sometimes it is because of network configuration on the internal segment, but sometimes it seems to defy logic (but it works).