unable to make vpn client filter on concentrator 3005 work
I am unable to push the client filter out to the VPN client from the 3005. Essentially I have a filter that allows all IP traffic which I want to push to the client. This would allow the client to establish an HTTP session with an internal server. I have configured this filter for use by the user. The filter on the public interface is the default which does not allow for HTTP traffic. Any tips?
Re: unable to make vpn client filter on concentrator 3005 work
If you want to allow VPN clients full access to your internal network then don't even bother with a filter. Just apply no filter under the Group and the user will be able to get to everything. The reason the Public filter doesn't allow HTTP is because when the packet comes in from the client it is encrypted (an ESP packet), so all the Public filter has to allow in is the encrypted protocols (which it does by default).
Having said that, if you want to apply a filter to a user, then do one of the following:
Allow access to 10.1.1.2 and block everything else:
To block access to everything but 10.10.1.2, create a rule that is Inbound/Forward, Source of Anything, Destination of 10.1.1.2/0.0.0.0. Create another rule; it can be left at the defaults, which are Inbound, Drop, Source of anything, Dest of anything. Create a filter with default action of forward and add both your new rules to it, making sure the rule that allows access to the host 10.1.12 is ABOVE the default rule that will drop everything else.
Block access to 10.1.1.2 and allow everything else:
To allow access to everything except 10.10.1.2, create a rule that says Inbound, Drop, Source of anything and Destination of 10.10.1.2/0.0.0.0. Add a filter whose default action is to forward, and add the rule to that filter.
- You can allow or block access to whole subnets simply by changing your address/mask combination to something like: 10.1.1.0/0.0.0.255
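Added example, not part of the original thread and not Cisco's code: a simplified first-match model of the two filters described in the reply, showing how the address/wildcard-mask pairs match and why the allow rule has to sit above the drop-everything rule. It assumes rules are evaluated top-down with the filter's default action applied when nothing matches; the client address and all function and variable names are constructed for illustration.

```python
import ipaddress

# Wildcard (inverse) mask: a 0 bit must match, a 1 bit is ignored.
ANY = ("0.0.0.0", "255.255.255.255")   # every bit ignored: matches anything
HOST = ("10.1.1.2", "0.0.0.0")         # every bit compared: one host
SUBNET = ("10.1.1.0", "0.0.0.255")     # last octet ignored: whole subnet


def wildcard_match(addr, base, wildcard):
    """True if addr equals base on every bit where the wildcard mask is 0."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)


def evaluate(rules, default_action, src, dst):
    """Return the action of the first matching rule, else the filter default."""
    for action, rule_src, rule_dst in rules:
        if wildcard_match(src, *rule_src) and wildcard_match(dst, *rule_dst):
            return action
    return default_action


ALLOW_HOST = ("forward", ANY, HOST)
DROP_ALL = ("drop", ANY, ANY)
DROP_HOST = ("drop", ANY, HOST)

# Filter 1: allow 10.1.1.2 and block everything else (allow rule on top).
allow_only_host = [ALLOW_HOST, DROP_ALL]
# Same rules in the wrong order: the drop-all rule shadows the allow rule.
misordered = [DROP_ALL, ALLOW_HOST]
# Filter 2: block 10.1.1.2, everything else falls through to the default.
block_only_host = [DROP_HOST]

CLIENT = "192.168.50.10"  # constructed VPN client address

if __name__ == "__main__":
    for name, rules in [("allow_only_host", allow_only_host),
                        ("misordered", misordered),
                        ("block_only_host", block_only_host)]:
        for dst in ("10.1.1.2", "10.1.1.3"):
            print(name, dst, evaluate(rules, "forward", CLIENT, dst))
```
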