Once again - VPN access to LAN only
Posted: Tue Sep 03, 2024 7:12 am
Good morning,
First of all I'm not the biggest expert here, but I have some knowledge...
I have been searching this forum for a solution, found some information, but still can not make it work the way I need...
And here's the situation:
Multiple IoT devices (via routers with SE Bridge installed) will be connected to the SE VPN server and will connect to different virtual HUBs. Multiple clients will connect to those hubs for management of devices. I need to find a way to make clients able to connect only to their part - hubs, bridges, etc., which is done and works, but forbid connection to the internet through that connection, because the server is in the office, and then there will be a lot of internet traffic, and the office's IP will be used for their connections. Doing anything at the client side is not an option. Clients might connect from different networks randomly - home, office, coffee shop, gas station, mobile phone...
As I mentioned, I tried different stuff found here, in this forum...
I am using the SE virtual DHCP server.
First of all I tried to empty the default gateway in the Secure NAT configuration - the client can connect to the VPN, gets an IP address from SE DHCP, but can't connect to VPN LAN devices.
Then I tried to use Access lists.
First I made a rule that allows access to the real network. Then discard everything else:
After the last rule I was unable to get an IP from the SE DHCP server. VPN Client shows Connected, nothing is accessible (LAN, internet)...
Then I made this rule, just for test: to allow traffic to SE NAT DHCP - That didn't help...
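To make the access-list attempt above concrete, here is an added example (not from the original post) that models SoftEther-style priority-ordered, first-match access-list evaluation in Python and runs the "pass the real network, discard everything else" ruleset over a constructed DHCP exchange; the LAN subnet, the sample addresses and the exact matching semantics are assumptions.

```python
# Added example, not from the forum post: a small model of SoftEther-style
# access-list evaluation (rules checked in ascending /PRIORITY order, first
# match wins), used to show why "pass the LAN, discard everything else" also
# breaks the virtual DHCP exchange, whose packets never carry a LAN address.
# The LAN subnet 192.168.30.0/24 and the host addresses are placeholders.
import ipaddress

def rule(action, priority, src="0.0.0.0/0", dst="0.0.0.0/0", proto=None):
    return {"action": action, "priority": priority, "proto": proto,
            "src": ipaddress.ip_network(src), "dst": ipaddress.ip_network(dst)}

def matches(r, pkt):
    """A rule matches when every condition it sets holds for the packet."""
    return (ipaddress.ip_address(pkt["src"]) in r["src"]
            and ipaddress.ip_address(pkt["dst"]) in r["dst"]
            and (r["proto"] is None or r["proto"] == pkt["proto"]))

def evaluate(rules, pkt):
    """Return 'pass' or 'discard' for pkt; with no matching rule it passes."""
    for r in sorted(rules, key=lambda r: r["priority"]):
        if matches(r, pkt):
            return r["action"]
    return "pass"

# Constructed sample traffic seen inside the hub (DHCP in both directions,
# a LAN ping, and an internet-bound connection that must stay blocked).
PACKETS = {
    "dhcp_discover": {"src": "0.0.0.0", "dst": "255.255.255.255", "proto": "udp"},
    "dhcp_offer":    {"src": "192.168.30.1", "dst": "255.255.255.255", "proto": "udp"},
    "lan_ping":      {"src": "192.168.30.50", "dst": "192.168.30.10", "proto": "icmp"},
    "internet_tcp":  {"src": "192.168.30.50", "dst": "203.0.113.10", "proto": "tcp"},
}

# Ruleset A, as the post describes: pass the real network, discard the rest.
RULES_A = [rule("pass", 100, dst="192.168.30.0/24"), rule("discard", 200)]

# Ruleset B: also pass UDP to the broadcast address (both DHCP directions)
# ahead of the catch-all discard; internet-bound traffic is still dropped.
RULES_B = [rule("pass", 50, dst="255.255.255.255/32", proto="udp"),
           rule("pass", 100, dst="192.168.30.0/24"),
           rule("discard", 200)]

def verdicts(rules):
    """Map each sample packet name to the verdict the ruleset gives it."""
    return {name: evaluate(rules, pkt) for name, pkt in PACKETS.items()}
```

Note that the DHCP offer from the virtual DHCP server is also a broadcast, so a rule that only covers the client-to-server direction still leaves the exchange incomplete.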