IPSEC VPN restrict access



  • Hi.
    I'm looking at creating an IPSEC VPN between home and the office.

    Ideally I'd like to restrict this so only 2/3 devices locally (home) use it and from the office they can only access those 2/3 devices.
    Is this possible? Can someone point me in the right direction?

    Thanks


  • LAYER 8 Netgate

    @zMaliz:

    Hi.
    I'm looking at creating an IPSEC VPN between home and the office.

    Ideally I'd like to restrict this so only 2/3 devices locally (home)

    Pass the traffic you want to allow using firewall rules on the LAN interface for the remote VPN destinations.

    Then reject LAN net to the VPN destinations.

    Ideally this should also be done at the other side for traffic coming into the firewall there but you can generally control it like this too.

    use it and from the office they can only access those 2/3 devices.
    Is this possible ?  Can someone point me in the right direction.

    Pass the traffic you want passed from the remote sources on the IPsec tab.

    Reject everything else (or just let the default deny there do it. I prefer reject for internal blocks like this so a negative reply is returned to the source.)



  • Thanks I'll try this over Christmas and see how I get on..



  • Thanks for the advice. I'm trying to work out the best way to do this..

    So far I've created an alias which contains the internal local IP Addresses I want to access the office via the IPSEC VPN. This alias is called 'OfficeACL'

    In Firewall / Rules / IPSec I've added a rule:
    Source: 192.168.10.0/24 (office range)
    Destination: OfficeACL

    In Firewall / Rules / LAN I've added a rule:
    Source: OfficeACL
    Destination: 192.168.10.0/24  (office range)

    Is that right? Will other devices in the local IP address range be able to get to the office?

    Will other devices in the office be able to get to anything other than OfficeACL devices?

    Thanks


  • LAYER 8 Netgate

    I don't know what "Office" is. What is the IPsec tunnel network or the remote networks?

    What is the Local LAN subnet?



  • @Derelict:

    I don't know what "Office" is. What is the IPsec tunnel network or the remote networks?

    What is the Local LAN subnet?

    Hi
    Remote office network is 192.168.10.0/24
    Local LAN is 192.168.25.0/24

    I only want a couple of devices to have access via the VPN and be reachable from the VPN. These have been specified in the OfficeACL alias.

    Thanks
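
As an added example, not posted by anyone in this thread, here is what Derelict's two-tab rule set looks like as a pf.conf fragment (the syntax pfSense writes to /tmp/rules.debug), filled in with the subnets given in the last post. Interface names, the two alias members and the comment text are assumptions for illustration; the thread only names the subnets and the alias.

```pf
# Added example, not from the thread. Assumed: home LAN is em1, IPsec
# traffic arrives on enc0 (where pfSense applies its IPsec tab rules),
# and OfficeACL holds two home hosts with illustrative addresses.
lan        = "em1"
office_net = "192.168.10.0/24"     # remote office LAN (from the thread)
home_net   = "192.168.25.0/24"     # local home LAN (from the thread)
table <OfficeACL> { 192.168.25.10, 192.168.25.11 }   # assumed members

# LAN tab, home side: only alias members may start traffic to the office.
# The pass rule must sit above the reject rule; rules match top-down and
# "quick" stops at the first match, as pfSense's GUI rules do.
pass in quick on $lan inet from <OfficeACL> to $office_net
block return in quick on $lan inet from $home_net to $office_net

# IPsec tab, traffic arriving from the office: it may reach alias members
# only. "block return" is pfSense's "Reject" action, so the office host
# gets an immediate negative reply instead of a silent timeout.
pass in quick on enc0 inet from $office_net to <OfficeACL>
block return in quick on enc0 inet from $office_net to any
```

Two checks before relying on this: on the LAN tab the pass/reject pair has to be placed above any broad "LAN net to any" allow rule, otherwise that rule matches first and the restriction never applies; and on the IPsec tab, with no other rules present, the final reject can be dropped in favour of the default deny, as the reply notes, at the cost of the office side seeing timeouts rather than refusals.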

