Dear friends,
I am a novice with SoftEther, and after reading the manual and browsing forums, I have set up communication between two sites using an L3 virtual switch and cascading.
Site 1 - BJ (Main Site)
Server IP: 172.17.3.107/24
Gateway/L3 virtual interface: 172.17.3.252
Site 2 - SH (Branch)
Server IP: 192.168.11.50/24
Gateway/L3 virtual interface: 192.168.11.252
I then set up interconnectivity between the two sites using a Windows PC, adding routes on each test machine.
Currently, communication between the two sites is good, but now I want to achieve one-way communication, where 192.168.11.0/24 can access 172.17.3.0/24, but not vice versa.
I tried configuring the virtual hub's access list management by adding 'discard' rules and 'pass' rules, where the 'pass' rules have higher priority than the 'discard' rules. I set it up like this:
- 'Pass' rule: Source IP address 192.168.11.0, Subnet mask 255.255.255.0, Destination IP address 172.17.3.0, Subnet mask 255.255.255.0
- 'Discard' rule: Opposite of the above pass rule
However, as soon as I enable the 'discard' rule, communication between BJ and SH stops. What should I do?
Thank you in advance.
L3 site-to-site one-way communication
Re: L3 site-to-site one-way communication
Hi solo,
thanks for your help!
But the problem is not over yet.
I added groups in two rules, but unfortunately, as long as I add a group in the 'drop' rule, the 'drop' rule does not work.
Re: L3 site-to-site one-way communication
Hi solo,
Sorry for the long delay in replying.
I still can't achieve the effect I want. Look at my Access List, where is the problem?
Re: L3 site-to-site one-way communication
Hello yyyyl8023, delete those and add only one rule:
Action: Discard, Status: Enable, Priority: 1000, Contents: (ipv4) DstIPv4=192.168.11.0/24, Protocol=TCP, Unestablished
Re: L3 site-to-site one-way communication
Hi solo,
thank you for your help!
With your method, I have achieved it.
The current situation should be that TCP/IP traffic can only flow in one direction. I am wondering why ICMP and UDP traffic cannot do the same as TCP?
Thanks in advance
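Added example (not part of the thread, and not SoftEther's code): a small Python model of how a SoftEther virtual hub access list evaluates packets, comparing the poster's stateless pass/discard pair with solo's single 'Unestablished' rule. It assumes that lower priority values are evaluated first, that an unmatched packet passes, and that 'Unestablished' matches TCP segments whose ACK flag is clear (the initial SYN); the hosts and rule priorities are constructed.

```python
from ipaddress import ip_address, ip_network
from typing import Callable, List, NamedTuple

SH_NET = ip_network("192.168.11.0/24")   # branch: may initiate
BJ_NET = ip_network("172.17.3.0/24")     # main site: must not initiate

class Packet(NamedTuple):
    src: str
    dst: str
    proto: str          # "TCP", "UDP" or "ICMP"
    ack: bool = False   # TCP ACK flag; meaningless for UDP/ICMP

class Rule(NamedTuple):
    priority: int       # assumption: lower value is evaluated first
    action: str         # "pass" or "discard"
    match: Callable[[Packet], bool]

def evaluate(rules: List[Rule], p: Packet) -> str:
    """First matching rule wins; an unmatched packet passes (assumed default)."""
    for r in sorted(rules, key=lambda r: r.priority):
        if r.match(p):
            return r.action
    return "pass"

# The poster's original pair: stateless pass SH->BJ, discard BJ->SH.
OP_RULES = [
    Rule(100, "pass", lambda p: ip_address(p.src) in SH_NET
                                and ip_address(p.dst) in BJ_NET),
    Rule(200, "discard", lambda p: ip_address(p.src) in BJ_NET
                                   and ip_address(p.dst) in SH_NET),
]

# solo's single rule: Discard, DstIPv4=192.168.11.0/24, Protocol=TCP, Unestablished.
# Assumption: "Unestablished" = TCP segment with the ACK flag clear (the first SYN).
SOLO_RULES = [
    Rule(1000, "discard", lambda p: p.proto == "TCP" and not p.ack
                                    and ip_address(p.dst) in SH_NET),
]

def tcp_connects(rules: List[Rule], client: str, server: str) -> bool:
    """True if SYN, SYN/ACK and ACK all pass, i.e. the handshake completes."""
    segments = [Packet(client, server, "TCP", ack=False),   # SYN
                Packet(server, client, "TCP", ack=True),    # SYN/ACK
                Packet(client, server, "TCP", ack=True)]    # ACK
    return all(evaluate(rules, s) == "pass" for s in segments)

def datagram_exchange(rules: List[Rule], client: str, server: str, proto: str) -> bool:
    """True if a request and its reply both pass; UDP/ICMP carry no ACK flag,
    so a filter cannot tell a reply from a new request by the packet alone."""
    return (evaluate(rules, Packet(client, server, proto)) == "pass"
            and evaluate(rules, Packet(server, client, proto)) == "pass")
```

With the poster's pair, the SYN/ACK coming back from BJ is discarded, so even SH-initiated TCP fails; with the single rule only BJ-initiated SYNs are dropped, while UDP and ICMP pass in both directions because the rule is TCP-only and nothing in a datagram marks it as a reply.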