Zone-based Firewall & Easy VPN

Unanswered Question
Jan 28th, 2008

I'm a little confused about the zoning requirements with Easy VPN. Consider the following setup on an 871 router:

interface Vlan1
 description Direct Internet Access
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
interface Vlan2
 description Corporate Resources Access
 ip address 10.1.1.1 255.255.255.224
 crypto ipsec client ezvpn Corp inside
!
interface FastEthernet4
 description Public
 ip address x.x.x.x x.x.x.x
 ip nat outside
 crypto ipsec client ezvpn Corp outside

How would this be zoned so that all traffic from vlan2 only goes across the IPsec tunnel, all traffic from vlan1 goes to the Internet, traffic cannot flow between vlan1 and vlan2, and there is no inbound traffic from the Internet except return traffic for vlan1 and DNS (proxied by the router)? I've seen some solutions with the classic firewall configuration, but not with the zone-based firewall. Thanks for any insight.
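One way to zone this, as an added example that is not part of the original post: the zone, class-map, policy-map and ACL names, and the corporate address block 10.0.0.0/8 used to restrict vlan2, are assumptions; the interface addresses come from the question. The `ip nat` and `crypto ipsec client ezvpn` lines already on the interfaces stay as they are; only the `zone-member` lines are added to them.

```cisco
! Three zones: one per trust level. Interfaces in different zones cannot
! exchange traffic unless a zone-pair with a policy permits it, which is
! what enforces "no traffic between vlan1 and vlan2" without any extra ACL.
zone security lan
zone security corp
zone security public
!
interface Vlan1
 zone-member security lan
!
interface Vlan2
 zone-member security corp
!
interface FastEthernet4
 zone-member security public
!
! vlan1 -> Internet: stateful inspection, so only replies to sessions
! started from vlan1 are allowed back in from the public zone.
class-map type inspect match-any LAN-TO-INET
 match protocol tcp
 match protocol udp
 match protocol icmp
!
policy-map type inspect LAN-TO-INET-POLICY
 class type inspect LAN-TO-INET
  inspect
 class class-default
  drop log
!
zone-pair security lan-to-public source lan destination public
 service-policy type inspect LAN-TO-INET-POLICY
!
! vlan2 -> tunnel: the Easy VPN client encrypts on FastEthernet4 *after* the
! firewall has seen the packet, so corporate-bound traffic crosses the
! corp->public pair in clear text. The ACL (assumed corporate prefix
! 10.0.0.0/8) makes sure vlan2 can only talk to corporate destinations;
! anything else from vlan2 is dropped here rather than leaking out unencrypted.
ip access-list extended VLAN2-TO-CORP
 permit ip 10.1.1.0 0.0.0.31 10.0.0.0 0.255.255.255
!
class-map type inspect match-all CORP-TRAFFIC
 match access-group name VLAN2-TO-CORP
!
policy-map type inspect CORP-POLICY
 class type inspect CORP-TRAFFIC
  inspect
 class class-default
  drop log
!
zone-pair security corp-to-public source corp destination public
 service-policy type inspect CORP-POLICY
!
! No zone-pair is defined for lan<->corp, public->lan or public->corp, so
! those directions are dropped by default. The router itself sits in the
! self zone, and with no self zone-pair configured its own traffic (the DNS
! proxy on 192.168.1.1, and IKE/ESP to the Easy VPN server) is permitted in
! both directions by default.
```

Two things to check before relying on this. First, decrypted packets arriving from the corporate side enter through FastEthernet4 and therefore land in the `public` zone; the `inspect` action on `corp-to-public` lets replies back to vlan2, but any session that corporate hosts initiate toward vlan2 needs a `public`-to-`corp` zone-pair whose class matches only corporate source addresses. On 12.4T releases that support the `virtual-interface` option under `crypto ipsec client ezvpn`, terminating the tunnel on a Virtual-Template interface and putting that interface in its own zone avoids mixing tunnel and Internet traffic in one zone. Second, confirm with `show policy-map type inspect zone-pair` that vlan1 sessions are being inspected and that the `class-default` drop counters on `corp-to-public` stay at zero during normal use; a rising count there means something on vlan2 is trying to reach a non-corporate destination.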
