I have a customer that needs to create a VPN between two RV082s that would limit the remote site's access to certain devices (in this case telnet-based bar code scanners and IP printers) and from those devices to a single server on the host side.
The VPN setup is simple and was done in a couple of minutes, but what I'm finding is that even after setting up rules with LAN as the source and Any as the destination, the rules don't seem to affect tunnel traffic specifically. I can block all traffic, but as soon as I open up, say, port 23 for telnet access from certain devices, any device can access the remote side.
Any thoughts on adding a source and destination option of "VPN" to the options?
The RV082 'DHCP Server' only supports one subnet, so even though we can do 'port based VLAN' segregation in the local LAN, as soon as you define that subnet as your local group to be shared in the tunnel, I am pretty sure all devices are fair game.
Having said that, when you do set up the tunnel, there is an option in the RV082 'Local Group Setup' and 'Remote Group Setup' (these are usually the 'subnets' from each site to be shared) that you can try. It's called IP RANGE (instead of Subnet). This lets you pick the hosts to be shared. It may require you to statically assign IPs to these clients. Maybe put the devices you want to share at the high end of the range that the DHCP server won't get to, and share those as the IP Range.
Not sure I follow. Yes, IPs can be assigned by MAC (e.g. DHCP reservation), but you don't want to have 2 DHCP servers on the same LAN and you really don't want to use DHCP servers that aren't AD-aware on an AD network.
Not suggesting two DHCP servers. Use yours if you have to. Just make those devices that you don't want to be shared across the tunnel have IP address assignments beyond the range you specify in the tunnel config; that is what I am suggesting to try. I haven't done this myself, so it's a suggestion at this point.
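An added example, not part of any post in this thread: a small Python check of an address plan for the IP RANGE suggestion above, confirming that the range given to the tunnel stays clear of the DHCP pool and contains only the devices meant to be reachable. The function name, the subnet, the pool, the range and the device list are all constructed for illustration.

```python
from ipaddress import ip_address, ip_network


def check_plan(lan, dhcp_pool, tunnel_range, devices):
    """Return a list of problems with the plan; an empty list means consistent.

    dhcp_pool and tunnel_range are inclusive (first, last) address pairs.
    devices maps a name to (static_ip, should_cross_tunnel).
    """
    problems = []
    net = ip_network(lan)
    d_start, d_end = (ip_address(a) for a in dhcp_pool)
    t_start, t_end = (ip_address(a) for a in tunnel_range)

    for label, addr in (("start", t_start), ("end", t_end)):
        if addr not in net:
            problems.append(f"tunnel range {label} {addr} is outside {net}")

    # An overlap means a DHCP client could be leased a shared address.
    if t_start <= d_end and d_start <= t_end:
        problems.append("tunnel range overlaps the DHCP pool")

    for name, (ip, shared) in sorted(devices.items()):
        inside = t_start <= ip_address(ip) <= t_end
        if shared and not inside:
            problems.append(f"{name} ({ip}) should be shared but is outside the tunnel range")
        elif inside and not shared:
            problems.append(f"{name} ({ip}) is not meant to be shared but is inside the tunnel range")
    return problems


# Constructed sample plan: shared devices sit above the DHCP pool.
LAN = "192.168.1.0/24"
DHCP_POOL = ("192.168.1.100", "192.168.1.199")
TUNNEL_RANGE = ("192.168.1.240", "192.168.1.250")
DEVICES = {
    "scanner-1": ("192.168.1.241", True),
    "printer-1": ("192.168.1.245", True),
    "office-pc": ("192.168.1.246", False),  # mistake: lands in the shared range
    "scanner-2": ("192.168.1.230", True),   # mistake: left below the shared range
}

if __name__ == "__main__":
    for problem in check_plan(LAN, DHCP_POOL, TUNNEL_RANGE, DEVICES):
        print("PROBLEM:", problem)
```

The check covers the address plan only; any host that ends up with an address inside the tunnel range is part of the shared group, whatever the device list says.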