RV042 VPN site to site access rule help needed

Unanswered Question
Mar 10th, 2010

Hello All-

I'm new to the forum so please forgive me if I broke any etiquette. I have two remote sites. They each have a RV042 VPN router. The subnet for one site is 190.200.10.X and the other site is 190.200.85.x. I only want IP address range 190.200.85.224-228 to be able to access IP address 190.200.10.5-9. I've tried creating access rules but they do not work. I have servers in each building and I only want the servers to talk to each other through the VPN tunnel and nothing else. Do the access rules apply only to traffic from the WAN and therefore not apply to a "trusted VPN connection"? If so, is there any way to accomplish what I want to do?


Thank you!


Ken

William Childs Fri, 03/26/2010 - 04:00

Ken,

It sounds as though you need ACLs that will filter LAN to LAN traffic. The main thing you want to keep in mind when writing these is to make sure you deny traffic coming from a specific source (being the other LAN) to the destination. The WAN IP addressing is not involved when doing VPN connections and ACLs.

Bill

Alejandro Gallego Sun, 03/28/2010 - 21:44

Sorry for butting in....

Have you tried to create the VPN tunnel using the "local" and "remote" security groups as RANGE rather than SUBNET? Really, that should do exactly what you are describing.

When that is configured, the IPsec tunnel does two things:

1. Only allows traffic from IPs defined in the tunnel (both WAN and LAN source and destination) -- this is the ACL

2. Creates a route statement for all allowed devices through the tunnel.

Try this first and let us know; if you already did this, please post a log.
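To make the two suggestions in this thread concrete, here is an added Python model (not from the thread and not RV042 firmware) of how a subnet-based tunnel selector, a range-based tunnel selector, and an ordered LAN-to-LAN ACL each decide the same flows. It assumes the range-selector semantics Alejandro describes (only packets whose source and destination both fall inside the configured groups enter the tunnel) and a first-match ACL whose default action is a parameter of the example, since the thread does not state what the router does when no rule matches. The sample flows and addresses beyond those Ken gave are constructed for illustration.

```python
import ipaddress

# Selector specs as an administrator would enter them in the router's
# local/remote security group fields: either a whole subnet or an IP range.
# The /24 masks are an assumption; Ken only gives the first three octets.
SUBNET_A = ("subnet", "190.200.10.0/24")
SUBNET_B = ("subnet", "190.200.85.0/24")
RANGE_A = ("range", "190.200.10.5", "190.200.10.9")        # servers at site A
RANGE_B = ("range", "190.200.85.224", "190.200.85.228")    # servers at site B


def matches(spec, ip):
    """True if the address falls inside a subnet or range selector."""
    addr = ipaddress.ip_address(ip)
    kind = spec[0]
    if kind == "subnet":
        return addr in ipaddress.ip_network(spec[1], strict=False)
    if kind == "range":
        return ipaddress.ip_address(spec[1]) <= addr <= ipaddress.ip_address(spec[2])
    raise ValueError(f"unknown selector kind {kind!r}")


def tunnel_permits(src, dst, local, remote):
    """Model of an IPsec traffic selector on the site-B router: a packet is
    only carried by the tunnel when its source is in the local group and its
    destination is in the remote group (or the reverse, for replies).
    Anything else is never encrypted into the tunnel at all."""
    outbound = matches(local, src) and matches(remote, dst)
    inbound = matches(remote, src) and matches(local, dst)
    return outbound or inbound


def acl_permits(src, dst, rules, default="permit"):
    """First-match evaluation of ordered (action, src_spec, dst_spec) rules,
    the way Bill's LAN-to-LAN filtering would be written. The default action
    is an assumption of this example, not a statement about the RV042."""
    for action, src_spec, dst_spec in rules:
        if matches(src_spec, src) and matches(dst_spec, dst):
            return action == "permit"
    return default == "permit"


# Bill's approach: permit the server pair explicitly, then deny everything
# else that arrives from the other LAN.
ACL_RULES = [
    ("permit", RANGE_B, RANGE_A),
    ("deny", SUBNET_B, SUBNET_A),
]

# Constructed sample flows (not from the thread): server-to-server,
# workstation-to-server, server-to-workstation.
SAMPLE_FLOWS = [
    ("190.200.85.225", "190.200.10.7"),
    ("190.200.85.50", "190.200.10.7"),
    ("190.200.85.225", "190.200.10.50"),
]


def compare(flows=SAMPLE_FLOWS):
    """For each flow, return (subnet-tunnel, range-tunnel, ACL) decisions."""
    return {
        (s, d): (
            tunnel_permits(s, d, SUBNET_B, SUBNET_A),
            tunnel_permits(s, d, RANGE_B, RANGE_A),
            acl_permits(s, d, ACL_RULES),
        )
        for s, d in flows
    }


if __name__ == "__main__":
    for (s, d), (subnet_ok, range_ok, acl_ok) in compare().items():
        print(f"{s} -> {d}: subnet-tunnel={subnet_ok} "
              f"range-tunnel={range_ok} acl={acl_ok}")
```

Running it shows why Ken's subnet-to-subnet tunnel lets every host through: the subnet selector accepts all three flows, while the range selector and the ACL with its trailing deny both admit only the server-to-server flow. Dropping the deny rule from `ACL_RULES` under a permissive default reproduces the "trusted VPN" behaviour Ken observed, which is the reason Bill stresses the explicit deny.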
