Hello community
We have an ASG-220 (8.203) with Full Guard running in place and would like to set up remote access for users to specific networks we have set up inside the ASG.
Networks:
Internal LAN (eth0): 10.1.0.x
XX LAN (eth4) 10.1.1.x
YY LAN (eth5) 10.1.2.x
ZZ LAN (eth6) 10.1.3.x
Groups:
VPN-Internal
VPN-XX
VPN-YY
VPN-ZZ
Users are bound to that groups.
Now I would like to set up the VPN access so the Group VPN-Internal can only access the Internal LAN (10.1.0.x), the VPN-XX can only access the XX LAN (10.1.1.x) and so on.
What I've tried so far but didn't work:
Under Remote Access -> SSL:
- I've put the groups above to the Users and Groups.
- I've put all the networks above to the Local networks
- I've unchecked the Automatic Firewall rules checkbox
Under Network Security -> Firewall:
I've made new rules for every network for example:
Source: VPN Internal (Users Group Network)
Service: Any
Destination: Internal LAN (Network)
Action: Allow
I've I login with a users from the Group Internal LAN I can access the Internal LAN but the others as well? Do I miss something here? I don't think I the masq or NAT to configure that?!
Second questons:
I've got this standard VPN (SSL) pool. Is it possible to have for each network it's own pool? I would like that VPN users who accesses the Internal LAN network get an IP from the DHCP Server for 10.1.0.x. Same thing for the other networks.
Thanks
Phil
This thread was automatically locked due to age.
