This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

limit certain user to certain machine

Hi,

I configured a ssl vpn user using astaro´s software.

How can I limit this user only to ping/connect to desired machine?Right now can ping connect all of them.

regards

This thread was automatically locked due to age.

0 BAlfson over 14 years ago

You could remove the 'Automatic packet filter rules' selection, then add packet filter rules like:

Limited (User Network) -> Any -> {desired machine} : Allow
Limited (User Network) -> Any -> Any : Drop
VPN Pool (SSL) -> Any -> Any : Allow

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel
0 equintana over 14 years ago in reply to BAlfson

HI,

This user uses vpn ssl pool like allowed users.

If I limit (user network)-> any-> any drop

what will happend with allowed users?

This remote user has a non static public ip also.
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 14 years ago

In the above example, "Limited" is the name of the user. When the user "Limited" logs in to the SSL Remote Access VPN, the "VPN Pool (SSL)" IP address assigned to the user also is associated to the Astaro "Limited (User Network)" object.

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel
0 equintana over 14 years ago in reply to BAlfson

Hi,

I created the new user and clicked to switch off 'Automatic packet filter rules'
Cancel
Vote Up 0 Vote Down

Cancel
0 equintana over 14 years ago

Done.... I´ll check the config tonight
Cancel
Vote Up 0 Vote Down

Cancel
0 equintana over 14 years ago

Hi,

Done config but using astaro ssl client, this user profile can not ping machines...

Looking at log:

ri Oct 22 16:51:15 2010 C:\WINDOWS\system32\route.exe ADD 192.168.157.0 MASK 255.255.255.0 10.242.2.5
Fri Oct 22 16:51:15 2010 ROUTE: route addition failed using CreateIpForwardEntry: Acceso denegado. [status=5 if_index=28]
Cancel
Vote Up 0 Vote Down

Cancel