Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 1 subscriber
  • Views 3055 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Restrict SSL VPN access to internal hosts

jmmacip
I'm trying to restrict access to a number og hosts in my internal network to a vpn user, i have auto packet filter off and created a specific filter, but the user has access to all the hsots in the internal network


This thread was automatically locked due to age.
Parents Reply
  • 0 in reply to jmmacip
    What traffic should be dropped?
    Thanks


    Hi,

    The Rule should look like that:
    from elmec 
    to ANY 
    Service ANY 
    DROP

    and should be put directly AFTER your rule. To be 100% sure move your rule to the TOP (Rule 1) and the DROP rule after that (Rule 2).

    If this works, then there probably is a rule in your rulebase that allows acces to your internal network for the whole SSLVPN-address-pool. 

    Kind Regards,

    Matthias
Children
  • 0 in reply to MatthiasSchmidt1
    Matthias has it right.  But, if you had auto packet filter rule turned off in the VPN definition, your PF rule should have worked.  The fact that it didn't indicates that you have another rule letting things through just as Matthias guessed.

    The other thought I had when asking about the VPN was that for IPsec or SSL VPN, you could change 'Local networks' from 'Internal (Network)' to maquinas_elmec, and that would be all that was visible to the VPN.

    Cheers - Bob