VPNclient and access to LAN.

Discussion in 'Cisco' started by AM, Sep 9, 2005.

  1. AM

    AM Guest

    I would create 3 type of access to myLAN behind my router.

    1) powerful access: it means user can access the LAN over IP and can surf Internet (even if not secure);
    2) powerful access to LAN: it means user can not surf Internet but can communicate with whichever PC on the LAN to every
    ports and IP (it is allowed everything over IP protocol);
    3) restricted access to LAN: it means user can not surf Internet and his/her access to the LAN must go under constraints.

    Using "acl" option in client's section is not a good idea as it marks traffic to be protected. So I can not use it for
    people belonging to 1st group otherwise they will be permitted to surf Internet.

    I ought to apply rules concerning VPNclients directly to outside interface but they will be mixed with others rules
    applied over that interface.

    Is there a more pretty way? Should I use route maps? And how?

    Moreover saying the LAN beyond the router is 192.168.20.0/24 do you thing is a good idea to reserve a subnet (e.g
    192.168.20.128/28) for VPNclients? Doing that needs also to specify a route towards that range point to outside interface.

    Sorry for the long post.

    Alex.
     
    AM, Sep 9, 2005
    #1
    1. Advertisements

  2. AM

    AM Guest

    Sorry, I was wrong. 3rd group and not the 1st...
     
    AM, Sep 9, 2005
    #2
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.