Hi everyone,
As a simple test project before using SoftEther VPN in my company, I created this lab:
Windows Server 2012 R2 with two network cards, internal with IP 192.168.1.1 and external with IP 192.168.2.1, with SoftEther VPN Server installed on it. I created a local bridge between a Virtual Hub and the internal network, and in the hub created users user1 & user2 with password authentication.
Another computer (Windows 7) works as any client that wants to connect to the VPN server from outside, with IP 192.168.2.10 and SoftEther VPN Client installed on it.
And the last server works as a file server in the internal network with IP 192.168.1.3.
I created an access list on the hub to pass only user1 to connect to the file server only, with priority 900, and created an access list to discard all connections to any IP in the internal network with priority 1000.
So, as usual, user1 should be able to access the file server only, but with this setting in SoftEther user1 can't connect to the file server! And I need to delete the discard access list if I need the user to access the internal network.
I need to permit specific users to access specific internal servers and discard anything else.
Can anybody explain to me how it works?
---------------------------------------------------------------
Update :
Any suggestions to make this scenario work?
Access List problem
-
- Posts: 202
- Joined: Wed Jul 10, 2013 2:07 pm
Re: Access List problem
Mhm0ud wrote:
> Create access list on Hub to pass only to user1 to connect to file server
> only with priority 900, and create access list to discard all connection to
> any ip in internal network with priority 1000.
>
> ---------------------------------------------------------------
> Update :
> Any suggestion to make this scenario !
Can you post your complete access-list?
Did you allow the connection from user1 to fileserver and also from fileserver to user1?
In most cases, one of the two required paths is missing, so the answer of the fileserver can't reach the client.
-
- Posts: 3
- Joined: Thu Mar 05, 2015 1:05 pm
Re: Access List problem
Access List :
1- Permit user1 to access any IP with any source IP, Priority: 100
2- Deny any any any any, Priority: 200
* I disabled the firewall on both machines
* In the basic settings it says that a smaller number has higher priority, and IP packets that didn't match any access list items can pass
-
- Posts: 3
- Joined: Thu Mar 05, 2015 1:05 pm
Re: Access List problem
If anybody uses Access List, can you describe it and how it works?
I work with latest version (Ver 4.14, Build 9529, beta)
-
- Posts: 2458
- Joined: Mon Feb 24, 2014 11:03 am
Re: Access List problem
Try to allow broadcast packet.
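
A simplified model of the first-match evaluation discussed in this thread, added here as an example (not SoftEther's code and not from any poster): it shows why the posted list passes user1's request but discards the file server's reply, and how a rule for the return path changes that. The field names, the matching logic and the client address 192.168.1.50 are assumptions; broadcast traffic is not modelled.

```python
# Toy first-match model of a Virtual Hub access list (assumed semantics, not SoftEther code).
from dataclasses import dataclass
from typing import Optional

FILE_SERVER = "192.168.1.3"  # file server address from the thread
CLIENT_IP = "192.168.1.50"   # constructed address for user1 inside the VPN

@dataclass(frozen=True)
class Packet:
    src_user: Optional[str] = None  # None: not sent by a VPN user (e.g. via local bridge)
    dst_user: Optional[str] = None
    src_ip: Optional[str] = None
    dst_ip: Optional[str] = None

@dataclass(frozen=True)
class Rule:
    priority: int                   # smaller number is evaluated first
    action: str                     # "pass" or "discard"
    src_user: Optional[str] = None
    dst_user: Optional[str] = None
    src_ip: Optional[str] = None
    dst_ip: Optional[str] = None

def matches(rule, pkt):
    """A rule field left as None means 'any'."""
    fields = ("src_user", "dst_user", "src_ip", "dst_ip")
    return all(getattr(rule, f) in (None, getattr(pkt, f)) for f in fields)

def evaluate(rules, pkt):
    """Action of the first matching rule; packets matching no rule pass."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if matches(rule, pkt):
            return rule.action
    return "pass"

def round_trip(rules, user, server_ip):
    """A connection works only if the request and the reply are both passed."""
    request = Packet(src_user=user, src_ip=CLIENT_IP, dst_ip=server_ip)
    reply = Packet(dst_user=user, src_ip=server_ip, dst_ip=CLIENT_IP)
    return evaluate(rules, request) == "pass" and evaluate(rules, reply) == "pass"

# The list as posted: the reply is not sent by user1, so it falls through to the deny.
POSTED = [Rule(100, "pass", src_user="user1"), Rule(200, "discard")]
# Both paths allowed, each limited to the file server, then everything else discarded.
BOTH_WAYS = [
    Rule(100, "pass", src_user="user1", dst_ip=FILE_SERVER),
    Rule(110, "pass", dst_user="user1", src_ip=FILE_SERVER),
    Rule(200, "discard"),
]
```
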