Hi,
I want to limit the internal network IP each user can see.
For example, I want the user to be able to see only the PC with IP 192.168.1.30.
I have tried with the access list, but I haven't found a solution.
In this forum I have read this:
"There is priority in the access list.
You may want to use the following priority.
1. Allow access to specific local IP
2. Allow return packets
3. Deny access to all local IP
4. Allow access to all IP"
restric access limit internal IP of VPN
-
- Posts: 2
- Joined: Thu Feb 09, 2017 6:42 pm
-
- Posts: 336
- Joined: Sat Aug 15, 2015 7:41 pm
Re: restric access limit internal IP of VPN
The priority just means the order in which those rules are probed (a smaller priority will be tested first).
If you want to disable access to all PCs in 192.168.30.1/24 except the .1 PC, then allow destination 192.168.1.30 (Priority 1) as you did, then deny 192.168.1.30/24 (Priority 100 or so).
All traffic destined to 192.168.1.30 will get accepted, all traffic destined to other 192.168.1.30/24 will be denied.
Btw, 192.168.1.30/24 means the netmask is 255.255.255.0.
Cheers
-
- Posts: 2
- Joined: Thu Feb 09, 2017 6:42 pm
Re: restric access limit internal IP of VPN
Thanks,
I have tried, but it doesn't work again.
Step 1
allow destination IP 192.168.1.30 / 255.255.255.255 priority 1 source name "utente 1"
Step 2
deny destination IP 192.168.1.30 / 255.255.255.0 priority 100 source name "utente 1"
Step 3
allow all source addresses and all destination addresses destination name "utente1"
I have modified only the access list, nothing else.
Where is my error? Thanks
-
- Posts: 336
- Joined: Sat Aug 15, 2015 7:41 pm
Re: restric access limit internal IP of VPN
Step 3 is not needed.
Sorry, I made a mistake in my last answer. I meant deny all traffic to the rest of 192.168.1.1/24; precisely, the rule should look like:
deny destination IP 192.168.1.1 / 255.255.255.0 priority 100 source name "utente 1"
After applying this rule, do you see undesired behaviour? If yes, which IPs can you still access while you shouldn't?
-
- Posts: 2458
- Joined: Mon Feb 24, 2014 11:03 am
Re: restric access limit internal IP of VPN
I think the error is caused by dropping DHCP requests.
Please try to allow DHCP packets.
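The rule ordering discussed in this thread, as an added example that is not part of any post and is not the VPN server's own code: a simplified first-match model of a priority-ordered access list, run against the two rules posted for "utente 1". It assumes unmatched packets pass, that the DHCP server sits at 192.168.1.1 inside the denied subnet, and it adds a hypothetical priority-2 rule for UDP port 67.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    priority: int
    action: str            # "allow" or "deny"
    dst: str               # destination address/netmask, as typed in the thread
    proto: str = "any"     # "any", "tcp" or "udp"
    dst_ports: tuple = ()  # empty tuple means any port

    def matches(self, dst_ip, proto, dst_port):
        # strict=False masks the host bits, so 192.168.1.1/255.255.255.0
        # is treated as the network 192.168.1.0/24.
        net = ipaddress.ip_network(self.dst, strict=False)
        if ipaddress.ip_address(dst_ip) not in net:
            return False
        if self.proto != "any" and self.proto != proto:
            return False
        return not self.dst_ports or dst_port in self.dst_ports

def evaluate(rules, dst_ip, proto="tcp", dst_port=0, default="allow"):
    """Probe rules in ascending priority number; the first match decides."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.matches(dst_ip, proto, dst_port):
            return rule.action
    return default  # assumption of this model: unmatched packets pass

# The two rules from the thread (step 3 left out, as the reply suggests).
THREAD_RULES = [
    Rule(1, "allow", "192.168.1.30/255.255.255.255"),
    Rule(100, "deny", "192.168.1.1/255.255.255.0"),
]
# Hypothetical extra rule: allow DHCP requests before the subnet deny is probed.
WITH_DHCP = THREAD_RULES + [Rule(2, "allow", "0.0.0.0/0", "udp", (67,))]

DHCP_SERVER = "192.168.1.1"  # assumed address, not stated in the thread

def decisions(rules):
    """Return the verdict for a few constructed probe packets."""
    probes = {
        "permitted PC": ("192.168.1.30", "tcp", 445),
        "other LAN PC": ("192.168.1.50", "tcp", 445),
        "internet host": ("8.8.8.8", "udp", 53),
        "DHCP renewal": (DHCP_SERVER, "udp", 67),
    }
    return {name: evaluate(rules, *pkt) for name, pkt in probes.items()}

if __name__ == "__main__":
    for label, rules in (("thread rules", THREAD_RULES), ("with DHCP rule", WITH_DHCP)):
        print(label, decisions(rules))
```

In this model the only verdict that changes between the two rule sets is the unicast DHCP request to the assumed server address; every other LAN host stays denied.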