Using Directional VPN for Remote Access

In This Section: Directional VPN in RA Communities Configuring Directional VPN with Remote Access Communities

Directional VPN in RA Communities

With Directional VPN configured for Remote Access communities, the option exists to reject connections to or from a particular network object.

Source	Destination	VPN	Service	Action
Any	Any	Remote_Access_Community => MyIntranet	Any	drop
Any	Any	Remote_Access_Community => Any Traffic	Any	accept

Connections are not allowed between remote users and hosts within the "MyIntranet" VPN community. Every other connection originating in the Remote Access Community, whether inside or outside of the VPN communities, is allowed.

User Groups as the Destination in RA communities

User groups can be placed in the destination column of a rule. This makes:

• Configuring client to client connections easier
• Configuring "back connections" between a remote client and a Security Gateway possible.

Source	Destination	VPN	Service	Action
Any	Remote_Users@Any	Any Traffic => Remote_Access_Community	Any	accept

To include user groups in the destination column of a rule:

• The rule must be directional
• In the VPN column, the Remote Access community must be configured as the endpoint destination

Configuring Directional VPN with Remote Access Communities

To configure Directional VPN with Remote Access communities:

1. In Global Properties > VPN page > Advanced > Select Enable VPN Directional Match in VPN Column.
2. Right-click inside the VPN column of the appropriate rule, and select Edit... or Add Direction from the pop-up menu.

   The VPN Match Conditions window opens.

3. Click Add.

   The Directional VPN Match Conditions window opens.

4. From the drop-down box on the right, select the source of the connection.
5. From the drop-down box on the left, select the connection's destination.
6. Click OK.