Blocking IP addresses/subnets from accessing via the remote VPN.
I'll start with saying what I've currently got set up.
We currently have a SA 520 set up in a control center with 3 remote VPNs set up to external networks so that a Database in the control center can share data with the databases on the 3 external networks.
This works great and we can now access the network from any external source (if they have a username and password) using the Shrew remote VPN.
The query I have is what would happen if someone tried to access the network via remote VPN when they are on a subnet the same as one of the subnets currently used by one of the 3 external networks? Would this cause problems, and if so, how can I block those subnets from being used by people using the remote VPN?
The internal network at the control center is 192.168.106.0/24 and 1 of the external sites that the VPN has a link to is 192.168.100.0/24. So basically, what would happen if I was sat at home on a laptop configured as 192.168.100.4, for example, and tried to remote VPN to the internal network? Would it fail, or would it interfere/clash with the current VPN (this is the one thing I must prevent), and if so, how can I prevent it?
Any help with this would be great, folks, and much appreciated.
Re: Blocking IP addresses/subnets from accessing via the remote
If you are using split tunnel and pushing the 192.168.100.x/24 network, the end user will not be able to access the remote network, as 192.168.100.x is a directly connected network. If you do a full tunnel, where everything is going via the VPN tunnel, then this would not be a problem. The case you are talking about is an overlapping network and it happens sometimes. So, to avoid the problem, make sure that the end user's network is not from the same range as that of your 3 external networks.
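
The split-tunnel overlap described in the reply can be checked before a client connects. The sketch below is an added example, not part of the thread: the function names are hypothetical, the route-selection model (longest prefix wins, a directly connected LAN wins a tie) is a simplifying assumption, and only the two networks given in the post are listed.

```python
import ipaddress

# Networks reached through the control-center VPN. Both come from the post;
# the other two external sites are not given there, so they are left out.
VPN_NETWORKS = ["192.168.106.0/24", "192.168.100.0/24"]


def overlapping_routes(client_iface, pushed=VPN_NETWORKS):
    """Return the pushed split-tunnel networks that overlap the client's LAN."""
    lan = ipaddress.ip_interface(client_iface).network
    return [p for p in pushed if ipaddress.ip_network(p).overlaps(lan)]


def next_hop(client_iface, dest, pushed=VPN_NETWORKS):
    """Model which path a split-tunnel client uses for one destination.

    Assumption: longest prefix wins, and on an equal prefix length the
    directly connected LAN beats the route pushed by the VPN.
    """
    lan = ipaddress.ip_interface(client_iface).network
    addr = ipaddress.ip_address(dest)
    # Tuples sort by (prefix length, connected-route preference).
    candidates = [(lan.prefixlen, 1, "local LAN")] if addr in lan else []
    for p in pushed:
        net = ipaddress.ip_network(p)
        if addr in net:
            candidates.append((net.prefixlen, 0, "VPN tunnel"))
    if not candidates:
        return "default gateway (outside tunnel)"
    return max(candidates)[2]


if __name__ == "__main__":
    # The laptop from the question, plus a constructed non-overlapping client.
    for iface in ("192.168.100.4/24", "192.168.1.20/24"):
        print(iface, "overlaps:", overlapping_routes(iface))
        for dest in ("192.168.100.10", "192.168.106.5"):
            print("   ", dest, "->", next_hop(iface, dest))
```

For the laptop at 192.168.100.4/24, traffic to 192.168.100.10 stays on the local LAN while 192.168.106.5 still goes through the tunnel, which matches the behaviour the reply describes.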