I'm attempting to limit access to network resources across a VPN tunnel but can't seem to get it right. Here's the situation...
1 Terminal Server (OKATERM1)
2 DCs + DNS (OKAMAIN1 & OKASQL1)
I want to allow DNS requests to the 2 DCs and RDP access to the Terminal Server for remote VPN clients. Nothing else is needed. My config looks good (to me), but clearly something is wrong. When I set up the VPN tunnel for testing there is full access to all 3 servers.
Any suggestions or comments are appreciated.
Config info follows:
name 192.168.2.11 OKASQL1
name 192.168.2.10 OKAMAIN1
name 192.168.2.12 OKATERM1
access-list inside_outbound_nat0_acl permit ip 192.168.2.0 255.255.255.0 192.168.4.0 255.255.255.0
access-list inside_outbound_nat0_acl permit ip host OKAMAIN1 192.168.3.0 255.255.255.0
access-list inside_outbound_nat0_acl permit ip host OKASQL1 192.168.3.0 255.255.255.0
access-list inside_outbound_nat0_acl permit ip host OKATERM1 192.168.3.0 255.255.255.0
access-list outside_cryptomap_dyn_40 remark VPN access to DNS
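As an added example (not part of the post or of any Cisco tooling), a small Python audit that parses the access-list lines above, resolves the `name` entries, and reports every entry that exposes one of the three hosts more broadly than the stated goal (DNS to the DCs, RDP to the terminal server). The intended-policy table is an assumption taken from the post, and only the address forms that appear in the post are parsed; note that on a PIX/ASA the nat0 ACL only exempts traffic from NAT, so `permit ip` there is one place, not the only place, where all-protocol exposure shows up.

```python
# Constructed sample: the access-list lines quoted in the post, plus its name table.
NAMES = {"OKASQL1": "192.168.2.11", "OKAMAIN1": "192.168.2.10", "OKATERM1": "192.168.2.12"}
ACL_TEXT = """\
access-list inside_outbound_nat0_acl permit ip 192.168.2.0 255.255.255.0 192.168.4.0 255.255.255.0
access-list inside_outbound_nat0_acl permit ip host OKAMAIN1 192.168.3.0 255.255.255.0
access-list inside_outbound_nat0_acl permit ip host OKASQL1 192.168.3.0 255.255.255.0
access-list inside_outbound_nat0_acl permit ip host OKATERM1 192.168.3.0 255.255.255.0
access-list outside_cryptomap_dyn_40 remark VPN access to DNS
"""
# Intended exposure per inside host (assumption derived from the post):
# DNS on both DCs, RDP on the terminal server, nothing else.
INTENDED = {
    "192.168.2.10": {("udp", "53"), ("tcp", "53")},
    "192.168.2.11": {("udp", "53"), ("tcp", "53")},
    "192.168.2.12": {("tcp", "3389")},
}

def _addr(tok, names):
    """Consume one address spec (host X | any | net mask); return ((ip, mask), rest)."""
    if tok[0] == "host":
        return (names.get(tok[1], tok[1]), "255.255.255.255"), tok[2:]
    if tok[0] == "any":
        return ("0.0.0.0", "0.0.0.0"), tok[1:]
    return (tok[0], tok[1]), tok[2:]

def parse_acl(text, names):
    """Return (acl, proto, src, dst, port) tuples for permit lines; remarks are skipped."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 5 or tok[0] != "access-list" or tok[2] != "permit":
            continue
        src, rest = _addr(tok[4:], names)
        dst, rest = _addr(rest, names)
        port = rest[1] if len(rest) >= 2 and rest[0] == "eq" else None  # only 'eq N' handled
        entries.append((tok[1], tok[3], src, dst, port))
    return entries

def audit(entries, intended):
    """Flag entries that expose an intended host on more than its allowed (proto, port) set."""
    findings = []
    for acl, proto, (sip, smask), (dip, dmask), port in entries:
        if smask != "255.255.255.255" or sip not in intended:
            continue  # network-wide entries are outside the per-host policy checked here
        if proto == "ip" or port is None or (proto, port) not in intended[sip]:
            findings.append(f"{acl}: {sip} -> {dip}/{dmask} permits {proto}"
                            f"{'/' + port if port else ' (all ports)'}; "
                            f"intended only {sorted(intended[sip])}")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_acl(ACL_TEXT, NAMES), INTENDED):
        print(finding)
```

Run against the posted lines it reports all three host entries as all-protocol, all-port exposure.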