This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Restrict Access to 1 host over site-2-site VPN

Hello,

I am trying to restrict access to a single server on one side of a Site-2-Site VPN tunnel without much luck. I have setup the VPN tunnel to allow Internal network of 192.168.2.0/24, turned off Automatic Packet Rules

I then created 2 rules on the firewall:
1: Remote network (10.100.20.0/24) -- Any -- Internal Lan (192.168.2.0/24) Drop
2. Remote netowrk -- Any -- Internal Lan Server (192.168.2.242)

users on other end of the VPN tunnel can still get to other servers in the network. Any ideas on what I might be missing?

This thread was automatically locked due to age.

0 BarryG over 10 years ago

Hi, do you have any NAT or Masq rules affecting this traffic?

Barry
Cancel
Vote Up 0 Vote Down

Cancel
0 Scott_Klassen over 10 years ago

get to other servers
Please be specific what you mean. File shares, internal web sites, FTP, ping, etc?

Examples:

-Ping is controlled at Network Protection > Firewall > ICMP
-If you are running the traffic through a proxy, like Web Filtering, the blocks have to be set in the proxy configuration.

Have you tried setting a Host object for the one server as the Local Network in the S2S configuration instead of your whole network?

__________________
ACE v8/SCA v9.3

...still have a v5 install disk in a box somewhere.

http://xkcd.com
http://www.tedgoff.com/mb
http://www.projectcartoon.com/cartoon/1
Cancel
Vote Up 0 Vote Down

Cancel