I need to find the best way to configure a VPN connection for one of our clients with some restrictions.
We are moving to an 871, replacing our dying SOHO WatchGuard. The customer currently VPNs in and gets assigned 10.0.0.249/24, part of our main network. He has a shared printer (on a PC) that we print orders to.
- customer establishes connection
- we open \\10.0.0.249\ and authenticate with a username & password
- we can then use our Accounting software to print to their mapped printer.
I want to change this a little on my end; I cannot change their equipment.
Created a tunnel on the 871 assigning the customer 192.168.230.249/24 (only IP in pool). Using a test machine, I was able to print to a shared PC - just had to modify file/print sharing to include the network address.
What I want to make sure is that when the customer connects, they cannot access any services/machines on the network.
The ability to print from any machine on VLAN1 to the remote client should be allowed, along with ICMP. However, all other traffic should be disallowed.
The client's printer is an Okidata Turbo 320 line printer ... there should be no bi-directional communication.
Any suggestions on the best approach to this?