First off let me say I didn't design, create or, even recommend this network. I Inherited this mess, I'm just the one cleaning up...
The previous admin has setup a email account for a local lawyer that my company uses. When someone needs to send the lawyer sensitive information they will do so by sending to his email address here. Now the lawyer has his own network and firewall. The previous admin supposedly setup a LAN to LAN VPN connection between his network and ours using our PIX 515 Firewall. Since the previous admin has been gone we have purchased a VPN Concentrator, 3005, and I would like to start using this instead of what he setup on the PIX, since I can't really trust how he put things together.
I only want the lawyer to be able to pull his email and not have access to the rest of the network. Is there a way to setup some type of ACL, or Filter, or something that will only allow this function with a VPN Concentrator 3005? Any suggested would be greatly appreciated.
Create a separate group on the concentrator for just this person, and set up his client to connect to that group.
Create a rule (under Config - Policy Mgmt - Traffic Mgmt - Rules) that is Inbound/Forward, Source of Anything, Destination of /0.0.0.0, dest port TCP port 25. Create another rule, it can be left at the defaults which is Inbound, Drop, Source of anything, Dest of anything. Create a filter (under Config - Policy Mgmt - Traffic Mgmt - Filters) with default action of forward and add both your new rules to it, making sure the rule that allows access to the host mail server is ABOVE the default rule that will drop everything else.
Modify the group you created for this one user and under the General tab, apply that filter to it.
This should be all you need to do. Test it first to make sure.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...