Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 1 subscriber
  • Views 2015 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Restrict Access to 1 host over site-2-site VPN

cleight
Hello,

I am trying to restrict access to a single server on one side of a Site-2-Site VPN tunnel without much luck. I have setup the VPN tunnel to allow Internal network of 192.168.2.0/24, turned off Automatic Packet Rules

I then created 2 rules on the firewall:
1: Remote network (10.100.20.0/24) -- Any -- Internal Lan (192.168.2.0/24) Drop
2. Remote netowrk -- Any -- Internal Lan Server (192.168.2.242)

users on other end of the VPN tunnel can still get to other servers in the network. Any ideas on what I might be missing?


This thread was automatically locked due to age.
Parents
  • 0
    get to other servers
    Please be specific what you mean.  File shares, internal web sites, FTP, ping, etc?

    Examples:

    -Ping is controlled at  Network Protection > Firewall > ICMP
    -If you are running the traffic through a proxy, like Web Filtering, the blocks have to be set in the proxy configuration.

    Have you tried setting a Host object for the one server as the Local Network in the S2S configuration instead of your whole network?
    __________________
    ACE v8/SCA v9.3

    ...still have a v5 install disk in a box somewhere.

    http://xkcd.com
    http://www.tedgoff.com/mb
    http://www.projectcartoon.com/cartoon/1
Reply
  • 0
    get to other servers
    Please be specific what you mean.  File shares, internal web sites, FTP, ping, etc?

    Examples:

    -Ping is controlled at  Network Protection > Firewall > ICMP
    -If you are running the traffic through a proxy, like Web Filtering, the blocks have to be set in the proxy configuration.

    Have you tried setting a Host object for the one server as the Local Network in the S2S configuration instead of your whole network?
    __________________
    ACE v8/SCA v9.3

    ...still have a v5 install disk in a box somewhere.

    http://xkcd.com
    http://www.tedgoff.com/mb
    http://www.projectcartoon.com/cartoon/1
Children
No Data
Unfiltered HTML