I'm attempting to limit access to network resources across a VPN tunnel but can't seem to get it right. Here's the situation...
1 Terminal Server (OKATERM1)
2 DCs + DNS (OKAMAIN1 & OKASQL1)
I want to allow DNS requests to the 2 DCs and RDP access to the Terminal Server for remote VPN clients. Nothing else is needed. My config looks good (to me), but clearly something is wrong. When I set up the VPN tunnel for testing there is full access to all 3 servers.
Any suggestions or comments are appreciated.
Config info follows:
name 192.168.2.11 OKASQL1
name 192.168.2.10 OKAMAIN1
name 192.168.2.12 OKATERM1
access-list inside_outbound_nat0_acl permit ip 192.168.2.0 255.255.255.0 192.168.4.0 255.255.255.0
access-list inside_outbound_nat0_acl permit ip host OKAMAIN1 192.168.3.0 255.255.255.0
access-list inside_outbound_nat0_acl permit ip host OKASQL1 192.168.3.0 255.255.255.0
access-list inside_outbound_nat0_acl permit ip host OKATERM1 192.168.3.0 255.255.255.0
access-list outside_cryptomap_dyn_40 remark VPN access to DNS
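One way to get the restriction the poster describes, as an added example that is not part of the original post or its configuration. It assumes a PIX 6.3 / early ASA style firewall (the `name` and `_nat0_acl` entries above suggest PDM-generated config), that the remote VPN clients are assigned addresses from 192.168.3.0/24 (inferred from the nat0 ACL, but an assumption), and that the inside network is 192.168.2.0/24 with the same `name` entries as above. The crypto-map ACL (`outside_cryptomap_dyn_40`) only selects which traffic is encrypted; it does not filter. With the default `sysopt connection permit-ipsec`, decrypted VPN traffic bypasses the interface ACLs entirely, which matches the symptom of full access to all three servers. The `outside_access_in` ACL name is illustrative:

```cisco
! Added example, not the poster's configuration.
! Assumes: VPN client pool 192.168.3.0/24, inside LAN 192.168.2.0/24,
! and the "name" entries for OKAMAIN1, OKASQL1 and OKATERM1 already present.

! 1. Stop decrypted IPsec traffic from skipping the outside interface ACL.
!    This is on by default; on ASA 7.1 and later the keyword is "permit-vpn".
no sysopt connection permit-ipsec

! 2. Inbound ACL for the outside interface listing only what VPN clients need.
!    "domain" is the port keyword for 53; RDP is TCP 3389.
access-list outside_access_in remark DNS from VPN clients to the two DCs
access-list outside_access_in permit udp 192.168.3.0 255.255.255.0 host OKAMAIN1 eq domain
access-list outside_access_in permit tcp 192.168.3.0 255.255.255.0 host OKAMAIN1 eq domain
access-list outside_access_in permit udp 192.168.3.0 255.255.255.0 host OKASQL1 eq domain
access-list outside_access_in permit tcp 192.168.3.0 255.255.255.0 host OKASQL1 eq domain
access-list outside_access_in remark RDP from VPN clients to the terminal server
access-list outside_access_in permit tcp 192.168.3.0 255.255.255.0 host OKATERM1 eq 3389
! Explicit deny with logging so blocked VPN-client attempts show up in syslog
access-list outside_access_in deny ip 192.168.3.0 255.255.255.0 192.168.2.0 255.255.255.0 log

! 3. Apply it inbound on the outside interface, where decrypted VPN traffic enters.
access-group outside_access_in in interface outside
```

Once `sysopt connection permit-ipsec` is disabled, every inbound rule the outside interface needs (not just the VPN ones) must be in this ACL, so if an outside ACL already exists these lines should be added to it rather than replacing it. Verify with `show access-list outside_access_in` while a client is connected: the DNS and RDP entries should accumulate hit counts, and the logged deny should appear in syslog when a client tries anything else. On an ASA that supports group policies, an alternative that leaves `sysopt` alone is a `vpn-filter value <acl>` under the VPN group policy, which applies an equivalent ACL to that tunnel group's traffic only.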
We have configured the outside and inside interface with official IPv6 addresses, set a default route on the outside interface to our router, and we also have defined a rule, which also gets hits, to permit tcp from the inside interface to any6.
In Syslog I also se...