hi everybody, maybe it is a simple thing because every lancom router can do this: vpn connection for ONE Person to access only ONE IP ADRESS in astaros network! how to? [;)] thanks
If you have more than one VPN user, I believe some of the remote-access VPNs allow you to assign an IP in the VPN pool for that user, in which case:
DON'T check the 'auto packetfilter rule', and instead, create a packetfilter rule manually for source: vpn pool address dest: the destination computer allow
If you only have 1 VPN user, then the packetfilter rule would work; just use VPN Pool as the source.
Also, when a user is logged into a VPN, the "Username (User Network)" object is populated. That means you can make individual Firewall Rules for VPN users. If you have a general rule like 'VPN Pool (L2TP) -> Any -> Any : Allow', you can do the following:
1. User_01 (User Network) -> Any -> Server : Allow 2. User_01 (User Network) -> Any -> Any : Drop 3. VPN Pool (L2TP) -> Any -> Any : Allow
Of course, if you only have rules for individual users and no global Allow rule for the entire pool, then all you need are rules like 'User_01 (User Network) -> Any -> Server : Allow' and all the other traffic will be Default Dropped.
Edit the user account on the Astaro. You will see that there is an option to "Use static remote access IP"
The static remote access IP can only be used for remote access through PPTP, L2TP, and IPsec. It cannot be used, however, for remote access through SSL
