VPN setup

suthomas1
Level 6

There are 2 sites: Location A & Location B

(Location B is shown as a small rectangle in the bottom left corner & the rest are all part of Loc A.)

If SSL-based VPN is to be done at Loc A, users coming in from the internet would come through the internet router and to the SSL f.w with public IP 65.23.14.56.

Users will be given the 192.168.2.0/24 IP pool address for VPN.

There is another f.w which connects to the internal LAN. The connection between these zones is through a connecting zone (IPs as given in the diagram).

Now the requirement is that any user connecting via this VPN should be able to access certain services at Loc B (includes ICMP, SSH, traceroute) along with other servers.

Please help me understand what to configure on both the VPN f.w & the internal f.w to enable this access.

It would help me if some sample firewall rules (NAT, ACL) can be given based on the given situation.

Thanks.

2 Replies

gmarogi
Level 5

You have to configure routing to network B and an ACL in the firewall to allow the certain services. You also want to configure Static NAT; if you configured it already then no issues.

You have to apply the ACL on the inside interface in the firewall which is coming from the internet.

Is it wise to configure access rules on both the SSL firewall & the internal firewall?

Or to have more specific rules on the internal firewall?

Which one of these, or any other method, is more efficient?

Thanks.
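
The rule layout discussed in this thread, as an added vendor-neutral model (not code from any poster): a first-match ACL evaluator run over both firewalls on the path from the VPN pool to Location B, so a rule set can be checked before it is translated into device syntax. Assumptions: `10.20.0.0/24` is a placeholder for Location B's subnet (the real one is only in the diagram), the pool addresses are routed rather than NATed between the two firewalls, and UDP 33434-33534 is the conventional Unix traceroute probe range.

```python
import ipaddress
from typing import NamedTuple, Optional, Tuple

VPN_POOL = "192.168.2.0/24"   # VPN address pool from the original post
LOC_B = "10.20.0.0/24"        # placeholder: Location B's subnet is not on the page

class Rule(NamedTuple):
    action: str                               # "permit" or "deny"
    src: str                                  # source network (CIDR)
    dst: str                                  # destination network (CIDR)
    proto: str                                # "tcp", "udp", "icmp" or "ip" (any)
    ports: Optional[Tuple[int, int]] = None   # inclusive destination port range

def matches(r, src, dst, proto, port):
    if ipaddress.ip_address(src) not in ipaddress.ip_network(r.src):
        return False
    if ipaddress.ip_address(dst) not in ipaddress.ip_network(r.dst):
        return False
    if r.proto not in ("ip", proto):
        return False
    return r.ports is None or (port is not None and r.ports[0] <= port <= r.ports[1])

def evaluate(acl, src, dst, proto, port=None):
    """First matching rule wins; no match falls through to an implicit deny."""
    for r in acl:
        if matches(r, src, dst, proto, port):
            return r.action
    return "deny"

# Services named in the post: ICMP (ping, Windows tracert), SSH, and the
# assumed UDP probe range for Unix traceroute.
SERVICES = [
    Rule("permit", VPN_POOL, LOC_B, "icmp"),
    Rule("permit", VPN_POOL, LOC_B, "tcp", (22, 22)),
    Rule("permit", VPN_POOL, LOC_B, "udp", (33434, 33534)),
]
VPN_FW = list(SERVICES)        # specific rules on the SSL VPN firewall
INTERNAL_FW = list(SERVICES)   # the same specific rules on the internal firewall
COARSE_VPN_FW = [Rule("permit", VPN_POOL, LOC_B, "ip")]  # variant: filter only internally

def path_decision(src, dst, proto, port=None, hops=None):
    """A flow reaches Loc B only if every firewall on the path permits it."""
    hops = hops or (("vpn-fw", VPN_FW), ("internal-fw", INTERNAL_FW))
    for name, acl in hops:
        if evaluate(acl, src, dst, proto, port) != "permit":
            return f"dropped at {name}"
    return "permitted"
```

The model covers only the forward direction; the internal firewall and Location B also need a return route to 192.168.2.0/24 for replies to reach the VPN users.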