I'm a little confused about the zoning requirements with Easy VPN. Considering the following setup on an 871 router:
interface vlan 1
 desc Direct Internet Access
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
interface vlan 2
 desc Corporate Resources Access
 ip address 10.1.1.1 255.255.255.224
 crypto ipsec client ezvpn Corp inside
!
 ip address x.x.x.x x.x.x.x
 ip nat outside
 crypto ipsec client ezvpn Corp outside
How would this be zoned so that all traffic from vlan2 only goes across the IPsec tunnel, all traffic from vlan1 goes to the Internet, traffic cannot flow between vlan1 and vlan2, and no inbound traffic from the Internet is accepted except return traffic for vlan1 and DNS (proxied by the router)? I've seen some solutions with the classic firewall configurations, but not with the zone-based one. Thanks for any insight.
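One way to express the four requirements above with the zone-based firewall, added here as an illustration rather than an answer from the thread. It assumes an IOS release on the 871 that supports the Easy VPN client in virtual-tunnel-interface mode ("virtual-interface 1" under the ezvpn profile, available from 12.4(4)T), so that decrypted tunnel traffic arrives on a Virtual-Template interface that can be placed in its own zone. The WAN interface name (FastEthernet4), the zone and policy names, the Easy VPN group, peer and name-server values are all assumptions or placeholders; the VLAN addressing is the poster's.

```cisco
! --- Zones (names are assumptions) ---
zone security inside-dia      ! vlan 1: direct Internet access
zone security inside-corp     ! vlan 2: reaches corporate only through the tunnel
zone security outside         ! Internet-facing interface
zone security vpn             ! decrypted Easy VPN traffic (virtual-template)
!
! --- Easy VPN client in VTI mode so the tunnel gets its own zone ---
crypto ipsec client ezvpn Corp
 connect auto
 group CORP-GROUP key CORP-GROUP-KEY   ! placeholders: take from the headend admin
 mode network-extension                ! vlan 2 keeps its 10.1.1.0/27 addressing
 peer 203.0.113.10                     ! placeholder headend address (documentation range)
 virtual-interface 1
!
interface Virtual-Template1 type tunnel
 no ip address
 tunnel mode ipsec ipv4
 zone-member security vpn
!
! --- Interfaces (FastEthernet4 assumed as the 871 WAN port) ---
interface Vlan1
 description Direct Internet Access
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 zone-member security inside-dia
!
interface Vlan2
 description Corporate Resources Access
 ip address 10.1.1.1 255.255.255.224
 crypto ipsec client ezvpn Corp inside
 zone-member security inside-corp
!
interface FastEthernet4
 ip address x.x.x.x x.x.x.x             ! left as in the original post
 ip nat outside
 crypto ipsec client ezvpn Corp outside
 zone-member security outside
!
! --- NAT only for vlan 1; vlan 2 must never be translated to the Internet ---
ip access-list standard NAT-DIA
 permit 192.168.1.0 0.0.0.255
ip nat inside source list NAT-DIA interface FastEthernet4 overload
!
! --- DNS proxy on the router (name server is a placeholder) ---
ip dns server
ip name-server 203.0.113.53
!
! --- Stateful inspection: one generic policy reused for both allowed directions ---
class-map type inspect match-any CM-ALL
 match protocol tcp
 match protocol udp
 match protocol icmp
!
policy-map type inspect PM-INSPECT
 class type inspect CM-ALL
  inspect
 class class-default
  drop log
!
! vlan 1 -> Internet: permitted, with return traffic admitted by the inspect state
zone-pair security ZP-DIA-OUT source inside-dia destination outside
 service-policy type inspect PM-INSPECT
!
! vlan 2 -> tunnel: permitted; corporate-initiated sessions back to vlan 2 as well
zone-pair security ZP-CORP-VPN source inside-corp destination vpn
 service-policy type inspect PM-INSPECT
zone-pair security ZP-VPN-CORP source vpn destination inside-corp
 service-policy type inspect PM-INSPECT
!
! Deliberately absent: any pair between inside-dia and inside-corp, between
! inside-corp and outside, or from outside to either inside zone. Zone-based
! firewall drops inter-zone traffic that has no zone-pair, which is what
! enforces "vlan 2 only via the tunnel" and "no vlan 1 <-> vlan 2".
```

Two points worth checking on a real box. First, the router's own traffic (IKE/ESP to the headend and the proxied DNS queries) belongs to the system-defined self zone, which this example leaves at its default of permitted; restricting the self zone with outside-to-self and self-to-outside pairs is a separate step and needs "pass" rather than "inspect" for ISAKMP and ESP. Second, if the headend pushes split-tunnel attributes, anything from vlan 2 that does not match the split list is routed toward FastEthernet4 and, because no inside-corp to outside pair exists, is dropped rather than leaking to the Internet; verify this with "show policy-map type inspect zone-pair" and the drop-log counters rather than assuming it.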