VPN Rule

Status
Not open for further replies.

vallan

Technical User
Aug 13, 2002
156
EU
A VPN rule has been created as below

source (client) <> dest <> vpn <> service <> allow

What we want to achieve is for the source (client) to do a one way tunnel to us only

We also want a situation whereby we will only do a one way connection to our client.

Questions:
Is the above rule sufficient?
Using the rulebase above, does it allow a two way tunnel?
How can I achieve a one way tunnel?

Thanks
 
Not really,
It should be
source (client) => dest => services => encrypt (you'll need to set the phase 2 encryption), i.e. 3DES SHA1 for example.
 
Thanks. But really my question was

Does one rule allow for a 2 way tunnel? That is from

1. We need to allow the third party to tunnel to us and access some servers (A and B), so from outside in

2. We want to access some different servers (C and D) at the third party site, so from inside out.

source (client) <> dest <> vpn <> service <> allow (encrypt)

Will I need 2 different rulebases for this?

Thanks
 
1 rule will only allow the traffic to be initialised from 1 side, so if A and B are at your site and C and D are the other end of the tunnel

Source - A & B
Destination - C & D
Service - Remote desktop (for example)
Action - encrypt

This will allow A and B to remote desktop to C and D, but won't allow C and D to remote desktop to A and B. To do this you will need to add a second rule with the source and destinations swapped round.

Stu
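
A toy model of the behaviour described in the answer above, added here as an illustration; it is not part of the original thread and is not any vendor's code. The class and function names are hypothetical, and it assumes first-match evaluation, a state table that lets return traffic back through an accepted connection, and an implicit drop at the end of the rulebase.

```python
"""Toy model of directional VPN rules (added illustration; all names are hypothetical)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    sources: frozenset
    destinations: frozenset
    service: str
    action: str = "encrypt"


class Gateway:
    """First-match rulebase with a state table and an assumed implicit drop."""

    def __init__(self, rules):
        self.rules = list(rules)
        self.state = {}  # accepted connections: (initiator, responder, service) -> action

    def new_connection(self, src, dst, service):
        """Only the initiator's direction is matched against the rulebase."""
        for rule in self.rules:
            if src in rule.sources and dst in rule.destinations and service == rule.service:
                self.state[(src, dst, service)] = rule.action
                return rule.action
        return "drop"  # assumption: nothing matched, so the implicit drop applies

    def reply(self, src, dst, service):
        """Return traffic passes only if it belongs to an already accepted connection."""
        return self.state.get((dst, src, service), "drop")


OURS = frozenset({"A", "B"})    # servers at our site (labels from the thread)
THEIRS = frozenset({"C", "D"})  # servers at the third-party site
outbound = Rule(OURS, THEIRS, "rdp")
inbound = Rule(THEIRS, OURS, "rdp")  # the same rule with source and destination swapped


def demo():
    one_rule = Gateway([outbound])
    two_rules = Gateway([outbound, inbound])
    return {
        "one rule, A opens to C": one_rule.new_connection("A", "C", "rdp"),
        "one rule, C replies to A": one_rule.reply("C", "A", "rdp"),
        "one rule, C opens to A": one_rule.new_connection("C", "A", "rdp"),
        "two rules, C opens to A": two_rules.new_connection("C", "A", "rdp"),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

With only the outbound rule, C can answer a session that A opened but cannot open one itself; the swapped rule is what permits initiation from the far side.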
 