For optimal security, the filters on the public interface allow only tunneled and Internet Control Message Protocol (ICMP) traffic by default, but follow the link to configure Outlook.
Thanks for your response, Thomas. This article is to connect through WebVPN. My users would like to connect to Outlook through VPN Client. Do you have any suggestions? Thanks.
so remote user is trying to connect to an exchange server over vpn via outlook, right?
assuming the remote vpn doesn't have any filter and the remote user already has access via webmail, then no more configuration should be needed.
Thanks Jack. Sorry for not making it clear. My users would like to use Outlook client through VPN client, not through WebVPN. Do you have any suggestions? Thanks.
Thanks for your prompt response, Jack. I am not able to open the above link. Is it possible for you to e-mail me the PDF file or any other format? Thanks.
it's good to learn that you are moving forward with the config. please read below re: creating rules/filters in order to restrict remote vpn access:
1. configure a new rule
go configuration > policy management > traffic management > rules
source address: network list: vpn client pool
destination address: ip address: email private ip
tcp/udp destination port: 110
in case you need more ports to be allowed, just create another rule by following the same logic. in fact, all parameters should be the same except the last one, which is the destination port number. (pop3/110, imap/143)
2. configure the filter
go configuration > policy management > traffic management > filter
click "add filter"
default action: forward
then click "add"
select the rule you've just created and click on "add rules to filter"
add all the rules you created from #1, also the last rule to be added shall be "access_deny (drop/in)".
3. apply filter to the group
go configuration > user management > groups
select the group you created for remote vpn access and click "modify group"
select "general" tab
go to option "filter" and select the filter you created from #2 and click "apply"
also remember to save the config by clicking the "save needed" icon at the top-right corner.
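As an added illustration (not part of the thread and not Cisco's code), this Python sketch models the filter from steps 1 and 2 as an ordered, first-match rule list, which is an assumption about how the rules are evaluated, to show why the final access_deny rule matters when the filter's default action is forward. The pool 10.10.10.0/24, the mail server 192.168.1.25 and all function names are constructed for the example.

```python
# Added illustration: a simplified model of an ordered, first-match packet filter.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed sample values; substitute your own client pool and mail server.
VPN_POOL = ip_network("10.10.10.0/24")
MAIL_SERVER = ip_address("192.168.1.25")

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                      # "forward" or "drop"
    src: Optional[object] = None     # source network, None = any
    dst: Optional[object] = None     # destination host, None = any
    dport: Optional[int] = None      # destination port, None = any

    def matches(self, src, dst, dport):
        return ((self.src is None or ip_address(src) in self.src)
                and (self.dst is None or ip_address(dst) == self.dst)
                and (self.dport is None or dport == self.dport))

def evaluate(rules, default_action, src, dst, dport):
    """Return the action of the first matching rule, else the default action."""
    for rule in rules:
        if rule.matches(src, dst, dport):
            return rule.action
    return default_action

def mail_rule(name, port):
    # Same source and destination for every rule; only the port differs (step 1).
    return Rule(name, "forward", VPN_POOL, MAIL_SERVER, port)

# Rules from step 1, then the catch-all deny added last in step 2.
MAIL_ONLY = [mail_rule("pop3", 110), mail_rule("imap", 143),
             Rule("access_deny", "drop")]

def check(rules, default_action="forward"):
    """Run constructed probe packets through the filter and report each action."""
    probes = {"pop3": ("10.10.10.5", "192.168.1.25", 110),
              "imap": ("10.10.10.5", "192.168.1.25", 143),
              "rdp_to_mail": ("10.10.10.5", "192.168.1.25", 3389),
              "pop3_other_host": ("10.10.10.5", "192.168.1.30", 110)}
    return {k: evaluate(rules, default_action, *v) for k, v in probes.items()}

if __name__ == "__main__":
    print("with final deny:   ", check(MAIL_ONLY))
    print("without final deny:", check(MAIL_ONLY[:-1]))
```

Running it shows that without the trailing deny rule every probe is forwarded, so the mail rules alone restrict nothing while the default action is forward.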
Sorry for not being able to get back to you sooner. Thanks again for taking the extra steps. I have questions with the configuration. On number #1, line 5, what configuration do I put for the Vpn Client Pool after it is created? Where do I apply this VPN Client Pool? Thanks.
please excuse me for not explaining well, in fact, it's not necessary.
under the section "source address > ip address", enter the existing vpn client pool. the pool is created when you configure remote vpn access. to verify, go configuration > system > address management > pools.
Thanks very much for your prompt response. Your instructions work without using the "vpn client pool". Thanks very much for taking time to do this for me.
it's good to learn that your issue has been resolved.
according to cisco:
Why should I rate posts?
If you see a post that you think deserves recognition, please take a moment to rate it.
You'll be helping yourself and others to quickly identify useful content -- as determined by members. And you'll be ensuring that people who generously share their expertise are properly acknowledged. As posts are rated, the value of those ratings are accumulated as "points" and summarized on the Member Profile page and on each member's Preferences page.