It seems that when a remote user connects by VPN to the corporate LAN, he can access all computers and all servers. I tried to apply an access-list to the inside interface, but it doesn't work. How can I prevent a remote VPN user from connecting to a specific server?
Re: how to avoid vpn client to access all the lan ?
You have to create rules that only allow access to specified boxes, then apply those rules to a filter, then apply that filter to that user. Go under the Configuration - Policy Mgmt - Traffic Mgmt section and then do the following:
To allow access to 10.1.1.2 and block everything else:
To block access to everything but 10.10.1.2, create a rule that is Inbound/Forward, Source of Anything, Destination of 10.1.1.2/0.0.0.0. Create another rule, it can be left at the defaults which is Inbound, Drop, Source of anything, Dest of anything. Create a filter with default action of forward and add both your new rules to it, making sure the rule that allows access to the host 10.1.12 is ABOVE the default rule that will drop everything else.
To block access to 10.1.1.2 and allow everything else:
To allow access to everything except 10.10.1.2, create a rule that says Inbound, Drop, Source of anything and Destination of 10.10.1.2/0.0.0.0. Add a filter whose default action is to forward, and add the rule to that filter.
- You can allow or block access to whole subnets simply by changing your address/mask combination to something like: 10.1.1.0/0.0.0.255
Now go under the User Management section and apply that filter to the Group or User section under the General tab.
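The following is an added example, not part of the reply above and not the concentrator's own code: a small Python model for checking, before applying a filter to a group, which destinations it would forward or drop. It assumes rules are evaluated top to bottom with the first match winning and that the mask is a wildcard mask (0 bits must match, 1 bits are ignored); the rule lists and probe addresses are constructed, using the 10.1.1.2 host from the headings.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """True when addr equals base on every bit where the wildcard mask is 0."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)

# A wildcard mask of all ones ignores every bit, i.e. "anything".
ANY = ("0.0.0.0", "255.255.255.255")

def evaluate(rules, default_action, dst):
    """Assumed semantics: first matching rule decides, else the filter default."""
    for action, (base, wildcard) in rules:
        if wildcard_match(dst, base, wildcard):
            return action
    return default_action

def audit(rules, default_action, probes):
    """Map each probe destination to the action the filter would take."""
    return {dst: evaluate(rules, default_action, dst) for dst in probes}

# Constructed filters modelled on the two cases in the reply.
ALLOW_ONE = [("forward", ("10.1.1.2", "0.0.0.0")),   # host rule on top
             ("drop", ANY)]                           # catch-all drop below
WRONG_ORDER = list(reversed(ALLOW_ONE))               # catch-all drop on top
BLOCK_ONE = [("drop", ("10.1.1.2", "0.0.0.0"))]       # default forwards the rest
BLOCK_SUBNET = [("drop", ("10.1.1.0", "0.0.0.255"))]  # whole /24 via wildcard

PROBES = ["10.1.1.2", "10.1.1.77", "10.1.2.5"]        # constructed test hosts

if __name__ == "__main__":
    for name, rules in [("allow-one", ALLOW_ONE), ("wrong-order", WRONG_ORDER),
                        ("block-one", BLOCK_ONE), ("block-subnet", BLOCK_SUBNET)]:
        print(name, audit(rules, "forward", PROBES))
```

The wrong-order case shows why the host rule has to sit above the catch-all drop: with the drop rule first, even the permitted server becomes unreachable.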