IPsec lock to VLAN?
Is it possible to lock IPsec to a VLAN? I want to lock the clients connecting from IPsec VPN to not to have contact with my LAN clients how is this possible?
Just thinking say your lan is on vlan 50 and your guest vlan is on vlan 60. You will likely have different address spaces for these vlans say 10.50.0.0/16 for vlan50 and say 10.60.0.0/16 for vlan 60. Then in your phase 2 settings of IPSec you could simply just set the network up as 10.60.0.0/16. This way IPSec will have access to vlan60 but not vlan50.
Just a thought.
Also, all connections from IPsec clients have to pass through the firewall rules on the IPsec tab. Those can be restrictive, even with a much broader phase 2 entry.
I have a phase 2 entry to work for my whole home /24, but the only things I allow through the rules on my IPsec tab are connections to my printer and IP phone. I can make connections to anything but they can only connect to those IP addresses/ports.
Seems like 2 good solutions.
Thanks for your help