Using Directional VPN for Remote Access

In This Section:

Directional VPN in RA Communities

Configuring Directional VPN with Remote Access Communities

Directional VPN in RA Communities

With Directional VPN configured for Remote Access communities, you can reject connections to or from a particular network object.

| Source | Destination | VPN | Service | Action |
|--------|-------------|-----|---------|--------|
| Any | Any | Remote_Access_Community => MyIntranet | Any | drop |
| Any | Any | Remote_Access_Community => Any Traffic | Any | accept |

Connections are not allowed between remote users and hosts within the "MyIntranet" VPN community. Every other connection originating in the Remote Access Community, whether inside or outside of the VPN communities, is allowed.
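The outcome described above depends on the drop rule sitting above the broader accept rule. The following added example (not Check Point code) models the two rules in Python, assuming top-down first-match evaluation and a default drop when no rule matches; `Internet_Host` is a constructed name for an endpoint outside any VPN community.

```python
# Simplified model (assumption): rules are checked top-down and the first
# rule whose VPN direction matches decides the action.
ANY_TRAFFIC = "Any Traffic"
RAC = "Remote_Access_Community"

# The rule base from the table above: (source side, destination side, action).
RULES = [
    (RAC, "MyIntranet", "drop"),
    (RAC, ANY_TRAFFIC, "accept"),
]

def side_matches(rule_side, conn_side):
    """'Any Traffic' covers every endpoint, inside or outside a community."""
    return rule_side == ANY_TRAFFIC or rule_side == conn_side

def evaluate(rules, src, dst):
    """Return (rule number, action) of the first matching rule.
    (None, 'drop') is this model's default when nothing matches."""
    for number, (r_src, r_dst, action) in enumerate(rules, start=1):
        if side_matches(r_src, src) and side_matches(r_dst, dst):
            return number, action
    return None, "drop"

def shadowed_rules(rules):
    """Rule numbers that can never match because an earlier rule already
    covers the same direction."""
    hidden = []
    for i, (src, dst, _) in enumerate(rules):
        for e_src, e_dst, _ in rules[:i]:
            if side_matches(e_src, src) and side_matches(e_dst, dst):
                hidden.append(i + 1)
                break
    return hidden

if __name__ == "__main__":
    # Constructed sample connections.
    for src, dst in [(RAC, "MyIntranet"), (RAC, "Internet_Host")]:
        print(src, "=>", dst, evaluate(RULES, src, dst))
    # Reversing the order hides the drop rule behind the accept rule.
    swapped = list(reversed(RULES))
    print("shadowed after swap:", shadowed_rules(swapped))
    print(RAC, "=> MyIntranet", evaluate(swapped, RAC, "MyIntranet"))
```

With the rules in the documented order nothing is shadowed; with the order swapped, the drop rule is never reached and remote users can connect to MyIntranet.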

User Groups as the Destination in RA communities

User groups can be placed in the destination column of a rule. This makes:

| Source | Destination | VPN | Service | Action |
|--------|-------------|-----|---------|--------|
| Any | Remote_Users@Any | Any Traffic => Remote_Access_Community | Any | accept |

To include user groups in the destination column of a rule:

Configuring Directional VPN with Remote Access Communities

To configure Directional VPN with Remote Access communities:

  1. In Global Properties > VPN page > Advanced > Select Enable VPN Directional Match in VPN Column.
  2. Right-click inside the VPN column of the appropriate rule, and select Edit... or Add Direction from the pop-up menu.

    The VPN Match Conditions window opens.

  3. Click Add.

    The Directional VPN Match Conditions window opens.

  4. From the drop-down box on the right, select the source of the connection.
  5. From the drop-down box on the left, select the connection's destination.
  6. Click OK.