Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » Limit VPN access for certain user to only certain IP in the local network
  •  
f.maianti

Messages: 20
Karma: 0
Send a private message to this user
Hi all,
I'd like to know if it's possible to limit the access for certain user to a certain IP in my local network when connecting from VPN.

The scenario is the following:
-user1 and user2 connect via VPN using kerio vpn client and can see all my internal network
-user3 connect via VPN using kerio vpn client but can only access to one server with IP x.x.x.x
-user4 connect via VPN using kerio vpn client but can only access to another server with IP x.x.x.y
-user1,2,3 and 4 are users from active directory to wich my kerio ng500 is joined

Is this possible?

Thanks in advance
  •  
Brian Carmichael (Kerio)

Messages: 559
Karma: 55
Send a private message to this user
You can define users in traffic rules.
http://kb.kerio.com/product/kerio-control/traffic-rules/conf iguring-traffic-rules-1312.html#sect-usersinrules
In your case the rules would look like this:

Rule 1
Source: user1 and user2
Destination: Trusted local network
Service: Any
Action: Allow

Rule 2
Source: user3
Destination: your internal server at IP x.x.x.x
Service: Any
Action: Allow

Rule 3
Source: user4
Destination: your internal server at IP x.x.x.y
Service: Any
Action: Allow

Rule 4
Source: VPN users
Destination: any
Service: Any
Action: Deny

Or rather than adding rule 4, you can remove VPN clients from default "Local Traffic" rule.

Brian Carmichael
Senior Technical Marketing Engineer | Kerio
Stay Connected Anytime, Anywhere. Discover Kerio Cloud!
  •  
f.maianti

Messages: 20
Karma: 0
Send a private message to this user
Thanks Brian, i'll try the method you suggested
Previous Topic: Problem with requestetd time out
Next Topic: How to block free VPNs/Proxy sites
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Fri Dec 02 20:52:13 CET 2016

Total time taken to generate the page: 0.00905 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.