VPN setup

May 18th, 2009

There are 2 sites: Location A & Location B.

(Location B is shown as a small rectangle in the bottom left corner & the rest are all part of Loc A.)

If an SSL-based VPN is to be done at Loc A, users coming in from the internet would come through the internet router and to the SSL f.w with a public IP.

Users will be given an IP pool address for the VPN.

There is another f.w which connects to the internal LAN. The connection between these zones is through a connecting zone (IPs as given in the diagram).

Now the requirement is that any user connecting via this VPN should be able to access certain services at Loc B (includes ICMP, SSH, traceroute) along with other servers.

Please help me understand what to configure on both the VPN f.w & the internal f.w to enable this access.

It would help me if some sample firewall rules (NAT, ACL) can be given based on the given situation.


gmarogi Fri, 05/22/2009 - 12:21

You have to configure routing to network B and an ACL in the firewall to allow the certain services. You also want to configure static NAT; if you have configured it already, then no issues.

You have to apply the ACL on the inside interface in the firewall which is coming from the internet.

suthomas1 Sat, 05/23/2009 - 07:57

Is it wise to configure access rules on both the SSL firewall & the internal firewall?

Or to have more specific rules on the internal firewall?

Which one of these or any other method is more efficient?
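Added example, not written by any poster in this thread and not taken from a vendor configuration: a small model of the path described above, in which the SSL firewall and the internal firewall sit in series, showing that a flow from the VPN pool reaches Loc B only when both rule sets permit it. The subnets, the rule format and the function names are constructed for illustration, and it assumes the VPN pool is routed (not NATed) to the internal firewall and that return traffic is handled statefully.

```python
"""Model of two firewalls in series; every address here is constructed."""
from ipaddress import ip_address, ip_network

VPN_POOL = ip_network("10.99.0.0/24")   # constructed: pool handed to VPN users
LOC_B = ip_network("192.168.20.0/24")   # constructed: Location B LAN
ANY = ip_network("0.0.0.0/0")

# Rule = (action, source net, destination net, protocol, port range or None)
def services(src, dst):
    """Permit the services named in the question: ICMP, SSH, traceroute."""
    return [
        ("permit", src, dst, "icmp", None),           # ping, ICMP traceroute
        ("permit", src, dst, "tcp", (22, 22)),        # ssh
        ("permit", src, dst, "udp", (33434, 33534)),  # Unix traceroute probes
    ]

DENY_ALL = [("deny", ANY, ANY, "any", None)]
SSL_FW = services(VPN_POOL, LOC_B) + DENY_ALL
INTERNAL_FW = services(VPN_POOL, LOC_B) + DENY_ALL

def evaluate(acl, src, dst, proto, port=None):
    """First-match ACL evaluation; no matching rule means deny."""
    s, d = ip_address(src), ip_address(dst)
    for action, snet, dnet, rproto, ports in acl:
        if s not in snet or d not in dnet:
            continue
        if rproto not in ("any", proto):
            continue
        if ports is not None and (port is None
                                  or not ports[0] <= port <= ports[1]):
            continue
        return action == "permit"
    return False

def path_allows(src, dst, proto, port=None, firewalls=(SSL_FW, INTERNAL_FW)):
    """A flow reaches Loc B only if every firewall in the path permits it."""
    return all(evaluate(acl, src, dst, proto, port) for acl in firewalls)

if __name__ == "__main__":
    for flow in [("tcp", 22), ("tcp", 23), ("icmp", None), ("udp", 33440)]:
        print(flow, path_allows("10.99.0.15", "192.168.20.10", *flow))
```
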


