10-04-2011 11:54 AM - edited 03-11-2019 02:33 PM
Hello, I have a 3845 router (12.4(13r)T10) with ZBF. On my LAN there is a user who needs to access a remote IPSEC VPN server. He is able to get the tunnel but afterwards he cannot connect to any service in the remote LAN. As I'm using ZBF I think that I should inspect traffic from my LAN zone to EXT zone. Is there a document that describes a solution to this? What IP addresses should I use? Thanks.
10-05-2011 01:14 PM
OK, let's try again.
A user from my local LAN is trying to access a REMOTE SERVICE through a REMOTE VPN SERVER. Since I'm using a Zone Based Firewall, what would be the rules to permit first the connection to the REMOTE VPN SERVER (using IPSEC) and second allow traffic from LOCAL PC to REMOTE SERVICE?
What IP numbers should I use for the source address? Those provided by the REMOTE VPN SERVER or my LOCAL ones? Any pointers will be appreciated. Thanks.
10-05-2011 10:13 PM
Hi,
What kind of VPN are you using?
If the local PC needs to access the Remote service, it will need to connect to the IP address across the tunnel, so the remote service when replies back.
So your zone-based firewall should have a policy allowing traffic from the local PC to the Remote service (in-zone to outside) and then another one (Out-zone to in-zone).
Make sure that the policy is located first, so other inspections will not hit first.
Mike.
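The two policies described in the reply above, sketched as an added configuration example (not posted by any participant in this thread). The addresses are documentation placeholders, the zone and object names are assumptions, and NAT is not considered. Because the router sees only the outer, encrypted tunnel packets, the ACLs match the PC's LAN address and the VPN server's address rather than any address assigned inside the tunnel. `pass` is stateless, which is why the reverse zone-pair needs its own policy.

```cisco
! Constructed example: 192.0.2.10 = local PC, 203.0.113.5 = remote VPN server.
! Zone names in-zone / out-zone and all object names are assumed.

! Outer tunnel traffic from the PC: IKE, NAT-T, and ESP.
ip access-list extended ACL-VPN-OUT
 permit udp host 192.0.2.10 host 203.0.113.5 eq isakmp
 permit udp host 192.0.2.10 host 203.0.113.5 eq non500-isakmp
 permit esp host 192.0.2.10 host 203.0.113.5

! The same three flows in the return direction.
ip access-list extended ACL-VPN-IN
 permit udp host 203.0.113.5 eq isakmp host 192.0.2.10
 permit udp host 203.0.113.5 eq non500-isakmp host 192.0.2.10
 permit esp host 203.0.113.5 host 192.0.2.10

class-map type inspect match-any CM-VPN-OUT
 match access-group name ACL-VPN-OUT
class-map type inspect match-any CM-VPN-IN
 match access-group name ACL-VPN-IN

! The VPN class goes first so that no other class matches the traffic
! before it. Existing inspect classes follow it, ahead of class-default.
policy-map type inspect PM-IN-TO-OUT
 class type inspect CM-VPN-OUT
  pass
 class class-default
  drop

! Limited to the one VPN server and the one PC by ACL-VPN-IN.
policy-map type inspect PM-OUT-TO-IN
 class type inspect CM-VPN-IN
  pass
 class class-default
  drop

zone-pair security ZP-IN-OUT source in-zone destination out-zone
 service-policy type inspect PM-IN-TO-OUT
zone-pair security ZP-OUT-IN source out-zone destination in-zone
 service-policy type inspect PM-OUT-TO-IN
```

`show policy-map type inspect zone-pair` displays per-class counters for each zone-pair, which shows whether the tunnel packets are matching the VPN classes or falling through to `class-default`.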
10-06-2011 11:17 AM
Hey,
Maykol Rojas wrote:
Hi,
What kind of VPN are you using?
The local user accesses an IPSEC VPN on the REMOTE VPN SERVER.
If the local PC needs to access the Remote service, it will need to connect to the IP address across the tunnel, so the remote service when replies back. So your zone based should have a policy allowing from the local PC to the Remote service (in-zone to outside) and then another one (Out-zone to in-zone)
In ZBF, returning traffic from inspected outgoing traffic is permitted, is this right? Should I allow traffic from the remote LAN although the traffic from my LAN was permitted?