I've attached a network diagram that illustrates our current network setup. We have a server at our location running web services that are integrated with an application running on that server. Since it's connected to our LAN, it's only accessible to clients on the inside or clients using VPN. What I'm trying to do is develop a way to allow certain VPN clients access to only that web server and no other network resources. The problem, for me anyway, is that the http server is a hop away from our Internet connection and VPN concentrator, as you can see on the attached map. I can create a separate VPN group and give it a unique network via DHCP so I can restrict that network using an ACL, but am not sure where to place that ACL. The concentrator's public interface is directly connected to the Internet, and its private is connected directly to the LAN, a switch that is then connected to a router. Not the ideal setup, but I didn't set it up. So if a VPN client comes in, he's immediately passed to the LAN, a switch, in Atlanta, 10.1.1.0, and from there is sent to the router, 10.1.1.1, which is connected to a frame-relay network that leads to my router and LAN with my http server. What would it take to get this to work?
I have been trying to restrict the VPN access traffic using the rules of the VPN concentrator, but I am unable to restrict the address. If I permit port 80 then all the web services will be accessible.
Is there any way I can restrict access to specified hosts and specific ports?
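The restriction both posts describe (a dedicated VPN address pool that may reach one web server on its web ports and nothing else) can be expressed as an extended ACL keyed on that pool's source range. The configuration below is an added example written for this thread, not something posted by either author or taken from their equipment. The 10.1.1.0/24 LAN and the 10.1.1.1 router address come from the first post; the VPN pool 10.200.200.0/24, the web server 10.2.2.10, the interface name and the HTTPS entry are assumptions, and it is written in Cisco IOS syntax because the post describes IOS-style routers.

```cisco
! Added example, not from the thread. Placeholder values: the restricted
! VPN pool 10.200.200.0/24 and the web server 10.2.2.10 are assumed.
! The restricted VPN group hands out addresses from its own pool, so its
! traffic can be matched purely by source address.
ip access-list extended VPN-WEB-ONLY
 remark Restricted pool may reach only the web server, and only on HTTP/HTTPS
 permit tcp 10.200.200.0 0.0.0.255 host 10.2.2.10 eq 80
 permit tcp 10.200.200.0 0.0.0.255 host 10.2.2.10 eq 443
 remark Anything else sourced from the restricted pool is dropped and logged
 deny   ip  10.200.200.0 0.0.0.255 any log
 remark Every other source (full-access VPN groups, LAN hosts) is untouched
 permit ip  any any
!
! Apply inbound on the first router interface the pool's traffic crosses.
! Interface name assumed; the address is the Atlanta router from the post.
interface FastEthernet0/0
 description Atlanta LAN 10.1.1.0/24
 ip address 10.1.1.1 255.255.255.0
 ip access-group VPN-WEB-ONLY in
```

The order matters: the two permits are evaluated before the pool-wide deny, and the final `permit ip any any` keeps the ACL from silently cutting off every other source on that interface. Because the filter is inbound on the LAN side only, the server's replies come back over the frame-relay interface and are not re-evaluated. The `log` keyword on the deny gives a running record of restricted clients attempting other destinations, which is the quickest way to confirm the group is landing in the right pool. One limit follows from the topology in the first post: a router ACL only sees traffic that reaches the router, so hosts sitting on the 10.1.1.0 switch segment itself, where the concentrator delivers VPN clients directly, are not covered by it; that part of the restriction has to live on the concentrator.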
We have configured the outside and inside interface with official IPv6 addresses, set a default route on the outside interface to our router, and we also have defined a rule, which also gets hits, to permit tcp from the inside interface to any6.
In Syslog I also se...