We recently purchased a Cisco SA 540 Security Appliance in order to have VPN access to our company network. The intent is to allow outside vendors specific access to a single server and lock them out of the rest of the network. An SSL VPN tunnel is being used.
Setting up the VPN was a breeze, but we are having trouble restricting incoming traffic to the target server. The following things were done:
1. Set up a group for VPN access.
2. Define a network resource consisting of the server IP address.
3. Define a network resource consisting of the entire LAN (a.b.c.d/24).
4. Add a group policy permitting access to the server.
5. Add a group policy denying access to the LAN.
The problem is that after doing this, VPN users can still ping and connect to all systems on the LAN. There does not appear to be anything in the firewall settings that pertains to the VPN tunnel. What needs to be done to put an effective restriction in place? Thanks for any help with this!
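One way to confirm from a VPN client whether the restriction actually holds, as an added example that is not part of the original post or of any Cisco tooling: it attempts a TCP connection to every host in the LAN and reports any host other than the permitted server that answers. The addresses and ports are constructed placeholders standing in for the server IP and the a.b.c.d/24 network in the question.

```python
"""Audit an SSL VPN access restriction from the client side.

Added example (not from the original post). Run it on a VPN-connected
client; only the permitted server should ever show up as reachable.
"""
import ipaddress
import socket
from concurrent.futures import ThreadPoolExecutor

ALLOWED_SERVER = "192.0.2.10"   # constructed placeholder: the single target server
LAN = "192.0.2.0/24"            # constructed placeholder: the a.b.c.d/24 LAN
PROBE_PORTS = (22, 80, 443, 445, 3389)  # common service ports to try
TIMEOUT = 0.5                   # seconds per connection attempt


def tcp_open(host, port, timeout=TIMEOUT):
    """Return True if a TCP handshake to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def probe_host(host, ports=PROBE_PORTS):
    """Return the set of ports on host that accepted a connection."""
    return {p for p in ports if tcp_open(host, p)}


def audit(reachable, allowed=ALLOWED_SERVER, lan=LAN):
    """Given {host: set_of_open_ports}, return the hosts inside lan, other
    than the permitted server, that answered on at least one port. Any entry
    in the result means the 'deny LAN' policy is not being enforced."""
    net = ipaddress.ip_network(lan, strict=False)
    allowed_ip = ipaddress.ip_address(allowed)
    violations = {}
    for host, ports in reachable.items():
        ip = ipaddress.ip_address(host)
        if ports and ip in net and ip != allowed_ip:
            violations[host] = sorted(ports)
    return violations


def scan_lan(lan=LAN, workers=32):
    """Probe every host address in lan concurrently; returns {host: ports}."""
    hosts = [str(h) for h in ipaddress.ip_network(lan, strict=False).hosts()]
    with ThreadPoolExecutor(max_workers=workers) as pool:
        return dict(zip(hosts, pool.map(probe_host, hosts)))


if __name__ == "__main__":
    bad = audit(scan_lan())
    if bad:
        print("VPN restriction NOT effective; LAN hosts still reachable:")
        for h, p in sorted(bad.items()):
            print(f"  {h}: ports {p}")
    else:
        print("Only the permitted server is reachable from this VPN client.")
```

Run it before and after changing the policy order on the appliance; an empty result is the only acceptable outcome for a vendor account.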