
Kerio VPN Client - only access to one particular server (The client must only be able to connect to one particular server)
  •  
pvvugt

First of all, I am not a Kerio expert, but I managed to get the VPN server working, so now I am able to connect with the Kerio VPN client (Hurray!). Now I want the following and don't know how to configure this.

In our internal network we have a few Unix servers; those can be reached internally through SSH or Telnet.
Now when the Kerio VPN client is connected, a client of ours is able to connect remotely to all of these Unix servers. But it should only be possible to connect to one server through SSH/Telnet. So it should not be possible for the user to connect to the other Unix servers.

I tried to add an extra traffic rule below the VPN service, but that did not work. The client can still reach the other servers.

Can someone tell me how to configure this so the client can only access this single server through SSH/Telnet?

[Updated on: Wed, 15 October 2014 15:37]

  •  
Petr Dobry (Kerio)

That's because it's probably allowed by another traffic rule. Check the other traffic rules.

1. Set up a dedicated user for that VPN client.
2. Assign a specific VPN IP address to that user (so he gets the same IP every time he connects) in the user's settings.
3. Create a traffic rule allowing that IP access to local network and specific server, ports SSH, Telnet.
4. Create a traffic rule forbidding that IP address access to local network.

Petr Dobry
Product Development Manager | Kerio

  •  
pvvugt

Hi Petr,

Thanks for your reply. I am following your instructions but got a bit stuck ... sorry...

1. Setup dedicated user for that VPN client. => OK
2. Assign a specific VPN IP address to that user (so he gets the same IP every time he connects) in user's settings. => OK
3. create a traffic rule allowing that IP access to local network and specific server, ports SSH, Telnet => This is where I get stuck. I don't know what to select in the column Source, Destination, etc.
4. create a traffic rule forbidding that IP address access to local network => This is where I get stuck. I don't know what to select in the column Source, Destination, etc.

I am sorry...
  •  
Petr Dobry (Kerio)

Source will be that IP of VPN client
Destination will be IP of the server in LAN you want to allow access to
no NAT or MAP necessary

second rule:
Source will be that IP of VPN client
Destination will be Trusted/Local interfaces
and action Drop or Reject.

Similarly to this: [attached image]

[Updated on: Wed, 15 October 2014 17:15]


  •  
pvvugt

Hi Petr,

Thank you very much for your reply. It worked!
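
Added example (not part of the thread and not Kerio's code): a simplified Python model of the two rules described above, assuming traffic rules are evaluated top-down with the first match deciding. It shows why the same rules placed below a broader VPN allow rule leave the other servers reachable. All addresses, rule names and the broad `VPN_ANY` rule are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addresses for illustration; none come from the thread.
VPN_CLIENT = "172.27.0.50"       # fixed VPN IP assigned to the dedicated user
ALLOWED_SERVER = "192.168.1.10"  # the one Unix server the client may reach
LAN = "192.168.1.0/24"           # stands in for "Trusted/Local interfaces"
SSH, TELNET = 22, 23

@dataclass
class Rule:
    name: str
    source: str          # single IP or CIDR
    destination: str     # single IP or CIDR
    ports: frozenset     # empty set means any port
    action: str          # "allow" or "drop"

    def matches(self, src, dst, port):
        return (ipaddress.ip_address(src) in ipaddress.ip_network(self.source)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(self.destination)
                and (not self.ports or port in self.ports))

def evaluate(rules, src, dst, port):
    """Return (action, rule name) of the first matching rule; default is drop."""
    for rule in rules:
        if rule.matches(src, dst, port):
            return rule.action, rule.name
    return "drop", "default"

ALLOW_ONE = Rule("VPN user to one server", VPN_CLIENT, ALLOWED_SERVER,
                 frozenset({SSH, TELNET}), "allow")
DENY_LAN = Rule("VPN user to LAN", VPN_CLIENT, LAN, frozenset(), "drop")
# Assumed pre-existing broad rule that lets every VPN client into the LAN.
VPN_ANY = Rule("VPN clients to LAN", "172.27.0.0/24", LAN, frozenset(), "allow")

GOOD_ORDER = [ALLOW_ONE, DENY_LAN, VPN_ANY]  # specific rules above the broad one
BAD_ORDER = [VPN_ANY, ALLOW_ONE, DENY_LAN]   # broad allow matches first

def reachable(rules, dst, port, src=VPN_CLIENT):
    return evaluate(rules, src, dst, port)[0] == "allow"

if __name__ == "__main__":
    probes = ((ALLOWED_SERVER, SSH), ("192.168.1.11", SSH), (ALLOWED_SERVER, 80))
    for label, rules in (("good", GOOD_ORDER), ("bad", BAD_ORDER)):
        for dst, port in probes:
            print(label, dst, port, evaluate(rules, VPN_CLIENT, dst, port))
```

The restricted user's rules match only the fixed VPN address, so other VPN clients still fall through to the broad rule.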
