Hemat Maheshwari Guest
Posted: Mon Apr 24, 2006 12:44 pm Post subject: Access List for VPNs
access-list 80 permit ip host 202.83.175.110 172.16.200.0 255.255.255.0
nat (inside) 0 access-list 80
where
202.83.175.110 (Outside Interface IP)
172.16.200.0 (POOL For VPN Clients)
Is there any problem with this access-list? Can VPN users access the internal network of 172.16.100.0/24, or do I have to add more ACLs?
AM Guest
Posted: Mon Apr 24, 2006 1:08 pm Post subject: Re: Access List for VPNs
Hemat Maheshwari wrote:
Quote:
access-list 80 permit ip host 202.83.175.110 172.16.200.0 255.255.255.0
nat (inside) 0 access-list 80
where
202.83.175.110 (Outside Interface IP)
172.16.200.0 (POOL For VPN Clients)
Is there any problem with this access-list? Can VPN users access the internal network of 172.16.100.0/24, or do I have to add more ACLs?
Once the clients get access through the VPN client, they are identified by the addresses belonging to the pool you have assigned to them.
So you need:
- to avoid NAT between the internal LAN (behind the inside interface, or whichever interface [outside not included, obviously] the VPN clients must reach) and the pool you have assigned;
- to allow the pool to each resource they must reach, and the rules must be applied on the outside interface.
For me the rule you wrote does nothing.
HTH
A.
rave Guest
Posted: Tue Apr 25, 2006 2:47 am Post subject: Re: Access List for VPNs
access-list 80 permit ip 172.16.100.0 255.255.255.0 172.16.200.0 255.255.255.0
nat (inside) 0 access-list 80
Now they will be able to access the inside network 172.16.100.0.
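
Added example (not part of the thread and not from any of the posters): a small Python check of why the first ACL "does nothing" for NAT exemption while the second one works. It models only the source/destination match that `nat (inside) 0 access-list 80` applies to traffic leaving the inside interface; the two host addresses are constructed samples.

```python
import ipaddress

# The two ACLs from the thread; 'nat (inside) 0 access-list 80' exempts whatever they match.
ORIGINAL = "access-list 80 permit ip host 202.83.175.110 172.16.200.0 255.255.255.0"
CORRECTED = "access-list 80 permit ip 172.16.100.0 255.255.255.0 172.16.200.0 255.255.255.0"

def parse_acl(line):
    """Return (source_net, dest_net) for an 'access-list N permit ip SRC DST' line."""
    tok = line.split()
    if len(tok) < 4 or tok[0] != "access-list" or tok[2:4] != ["permit", "ip"]:
        raise ValueError("unsupported ACL line: " + line)
    nets, i = [], 4
    while i + 1 < len(tok):
        if tok[i] == "host":   # 'host A.B.C.D' means a single /32 address
            nets.append(ipaddress.ip_network(tok[i + 1] + "/32"))
        else:                  # 'A.B.C.D MASK': PIX ACLs take subnet masks
            nets.append(ipaddress.ip_network(tok[i] + "/" + tok[i + 1]))
        i += 2
    if len(nets) != 2 or i != len(tok):
        raise ValueError("expected source and destination: " + line)
    return nets[0], nets[1]

def nat_exempt(acl_line, src_ip, dst_ip):
    """True if a packet src_ip -> dst_ip leaving the inside interface matches the ACL."""
    src_net, dst_net = parse_acl(acl_line)
    return (ipaddress.ip_address(src_ip) in src_net
            and ipaddress.ip_address(dst_ip) in dst_net)

if __name__ == "__main__":
    # Constructed sample flow: an inside server replying to a VPN client from the pool.
    server, client = "172.16.100.10", "172.16.200.5"
    for name, acl in (("original", ORIGINAL), ("corrected", CORRECTED)):
        print(name, "exempts", server, "->", client, ":", nat_exempt(acl, server, client))
```

The original ACL names the outside interface address as its source, so no packet sourced from 172.16.100.0/24 ever matches it and replies to the pool are still subject to NAT.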