Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1 reply
  • Subscribers 1 subscriber
  • Views 2233 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Limit Remote Access VPN to select IP's

jskain
Hi:

I've got a remote user and would like to limit their access on only be coming from a select set of IP addresses. I couldn't find a way to set that up. 
They are a support contractor and I would like to limit it to their corporate IP address range, so someone there couldn't set the VPN up from home, a laptop, etc. 

I've got firewall rules restricting where they can go once the VPN extablishes, but want to restrict where the VPN is originating. 

Thanks,

John S.


This thread was automatically locked due to age.
Parents
  • 0
    John, I haven't tried this, but it should work...

    For example, with L2TP/IPsec, create a NAT rule like 'DNAT : Internet -> IPsec -> External (Address) : to {non-existant IP}'.  Just above that rule, create another one like ''No NAT : {Allowed IPs} -> IPsec -> External (Address)'.  Note that you will need to include in the {Allowed IPs} group the IPs of any Site-to-Site IPsec VPNs you have established.

    Please post your results.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0
    John, I haven't tried this, but it should work...

    For example, with L2TP/IPsec, create a NAT rule like 'DNAT : Internet -> IPsec -> External (Address) : to {non-existant IP}'.  Just above that rule, create another one like ''No NAT : {Allowed IPs} -> IPsec -> External (Address)'.  Note that you will need to include in the {Allowed IPs} group the IPs of any Site-to-Site IPsec VPNs you have established.

    Please post your results.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?

Unfiltered HTML