IPsec lock to VLAN?
-
Hello
Is it possible to lock IPsec to a VLAN? I want to lock the clients connecting from the IPsec VPN so that they have no contact with my LAN clients. How is this possible?
Thanks
-
Just thinking: say your LAN is on VLAN 50 and your guest VLAN is on VLAN 60. You will likely have different address spaces for these VLANs, say 10.50.0.0/16 for VLAN 50 and 10.60.0.0/16 for VLAN 60. Then in your phase 2 settings of IPsec you could simply set the network up as 10.60.0.0/16. This way IPsec will have access to VLAN 60 but not VLAN 50.
Just a thought.
-
Also, all connections from IPsec clients have to pass through the firewall rules on the IPsec tab. Those can be restrictive, even with a much broader phase 2 entry.
I have a phase 2 entry to work for my whole home /24, but the only things I allow through the rules on my IPsec tab are connections to my printer and IP phone. I can make connections to anything, but they can only connect to those IP addresses/ports.
-
Ok
Seems like 2 good solutions.
Thanks for your help
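-
The two suggestions above combine as layers: a VPN client reaches a destination only if it is inside a phase 2 network and a rule on the IPsec tab passes it. The following is an added example, not part of the original thread and not the firewall's own code; it is a simplified first-match model, and the rule format, the printer and phone addresses and the ports are constructed for illustration.

```python
import ipaddress

LAN_NET = ipaddress.ip_network("10.50.0.0/16")  # VLAN 50 addressing from the thread

# Option 1: narrow phase 2 to the guest VLAN; the rule itself is wide open.
PHASE2_NARROW = ["10.60.0.0/16"]
RULES_OPEN = [{"action": "pass", "dst": "0.0.0.0/0", "proto": "any", "port": "any"}]

# Option 2: broad phase 2, tight rules (constructed printer / IP phone entries).
PHASE2_BROAD = ["10.50.0.0/16"]
RULES_TIGHT = [
    {"action": "pass", "dst": "10.50.0.20/32", "proto": "tcp", "port": 9100},
    {"action": "pass", "dst": "10.50.0.30/32", "proto": "udp", "port": 5060},
]

def in_phase2(dst, phase2_nets):
    """True if dst is inside any phase 2 local network."""
    addr = ipaddress.ip_address(dst)
    return any(addr in ipaddress.ip_network(n) for n in phase2_nets)

def rule_action(rules, dst, proto, port):
    """First matching rule wins; no match means default deny."""
    addr = ipaddress.ip_address(dst)
    for r in rules:
        if (addr in ipaddress.ip_network(r["dst"])
                and r["proto"] in (proto, "any")
                and r["port"] in (port, "any")):
            return r["action"]
    return "block"

def vpn_client_can_reach(dst, proto, port, phase2_nets, rules):
    """Both layers must agree: phase 2 coverage AND a pass rule."""
    return (in_phase2(dst, phase2_nets)
            and rule_action(rules, dst, proto, port) == "pass")

def lan_exposure(phase2_nets, rules, protected=LAN_NET):
    """Pass rules that still open part of the protected LAN to VPN clients."""
    findings = []
    for r in rules:
        dst = ipaddress.ip_network(r["dst"])
        if r["action"] == "pass" and dst.overlaps(protected) and any(
                ipaddress.ip_network(n).overlaps(dst)
                and ipaddress.ip_network(n).overlaps(protected)
                for n in phase2_nets):
            findings.append(r)
    return findings
```

`lan_exposure` returns nothing for option 1 and exactly the two intended pinholes for option 2, which makes it usable as a quick audit of what VPN clients can still touch on the LAN.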