DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
SSL Dial- in Vpn
15 Sep 2023 13:11 #102833
by dolive
SSL Dial- in Vpn was created by dolive
Hello
First, forgive my poor knowledge;
Environment:
3 companies, A, B and C
Company A - DrayTek 2960 Router updated with the latest version available and configured with an SSL Dial-In VPN.
Company B - Computer with Smart VPN Client configured to access Company A via SSL VPN, and which works.
Company C - My Laptop with Smart VPN Client configured to access Company A via SSL VPN, and it works.
What I want to do and am not achieving:
1) If the DrayTek VPN Client configuration file is copied to another company, I want the router to block that access. What I did:
1.1) I created a Service Type Object, "SSL"
1.2) In the firewall I created two rules. They are the first ones.
The first to prohibit access through SSL VPNs (Service Type Object-SSL).
The second to authorize access through SSL VPNs (Service Type Object-SSL), but with the "source IP" = fixed public IP of company A.
(I think the prohibition rule is correct, because if I activate it without the authorizing rule, I cannot access company A; Smart VPN Client fails.)
With both rules activated and with my laptop at home (public IP different from the public IP defined in the "source IP" of the authorization rule), I can open the SSL VPN for company A. Where am I failing?
I would also like to ask for your help with the following:
When the VPN is up, the only equipment that can be pinged are two servers. (that's what I want and it's configured in the Firewall).
However, some devices are network printers and they can be accessed via HTTP. How can I prevent this type of access to the 4 printers inside Company A?
Thanks in advance
Dolive
16 Sep 2023 21:28 #102838
by HodgesanDY
Replied by HodgesanDY on topic Re: SSL Dial- in Vpn
Hi Dolive,
Try switching the rules around.
Have the blocking rule later down the list of rules.
If you place the block rule first, the allow rule will never be reached.
17 Sep 2023 13:35 #102842
by dolive
Replied by dolive on topic Re: SSL Dial- in Vpn
Hi
In the scenario in question, the local network can be accessed via SSL VPN from two companies (a) and (b). In both cases, VPNs are called with DrayTek's Smart VPN Client.
On the local network router I have rules created for these companies, namely access to only two devices on the local network.
I only intend to authorize VPN access triggered from Company A and B. On the router I created 2 "IP objects" with these two remote WANs.
As suggested, I then put the rules of
1) SSL VPN ban
2) SSL VPN authorization for WANs from Company A and Company B
At the end of all created rules.
But I am on a different WAN than the WANs of companies A and B, and the router authorizes my access.
Thanks in advance
17 Sep 2023 19:52 #102845
by HodgesanDY
Replied by HodgesanDY on topic Re: SSL Dial- in Vpn
dolive wrote:
As suggested, I then put the rules of
1) SSL VPN ban
2) SSL VPN authorization for WANs from Company A and Company B
At the end of all created rules.
Hi Dolive,
My suggestion was to switch these rules around.
So the block “ban” happens last, or at least after the allow rule, in the rules order.
The “allow” rule for your ‘IP Objects’ must happen before the “ban” rule.
18 Sep 2023 22:13 #102856
by dolive
Replied by dolive on topic Re: SSL Dial- in Vpn
It Works
Thanks
Do
18 Sep 2023 22:16 #102857
by HodgesanDY
Replied by HodgesanDY on topic Re: SSL Dial- in Vpn
Awesome news! I’m glad it’s working now
Moderators: Chris, Sami
Copyright © 2024 DrayTek