Restrict VPN user to specific LAN IP?

ericbullock

Is there a way in Control to set up a VPN connection such that a specific user only has access to a specific resource? For example, I would like to give a remote user secure access to a FileMaker server on our LAN...and NOTHING else.

Is this possible?
  •  
bm

Easy...

Source: Firewall, VPN_User, FM_Server_IP
Destination: Firewall, VPN_User, FM_Server_IP
Service: FM_Server_Services
Action: Allow
  •  
Kerio/GFI Brian

Note that you also must remove "VPN clients" from the default "Local traffic" rule.

Brian Carmichael
Instructional Content Architect
  •  
ericbullock

Thanks Brian and bm! I will experiment with this later. I appreciate the guidance!
  •  
ericbullock

Brian, if I remove "VPN clients" from the default Local Traffic rule, will ALL of my VPN clients be restricted to only the FileMaker server? Basically I want 99% of my users to be able to access the entire LAN and that other 1% to only have access to FileMaker. I've created two user groups...one with all the members I want to have un-restricted access, and another group of users that I only want to have access to FileMaker.
  •  
Kerio/GFI Brian

In that case, remove 'VPN clients' in the local traffic rule and replace it with the user group that contains the un-restricted users.
Then add another rule that allows access from your restricted group to the FileMaker server.

Brian Carmichael
Instructional Content Architect
  •  
ericbullock

OK, so what I have now is this.

Rule for allowing "restricted" users access to FileMaker:

Source: Firewall, Restricted_VPN_Users, FM_Server_IP
Destination: Firewall, Restricted_VPN_Users, FM_Server_IP
Service: FM_Server_Services
Action: Allow

Default Local Traffic Rule:

Source: Firewall, Trusted/Local Interfaces, All VPN Tunnels, Trusted_VPN_Users
Destination: Firewall, Trusted/Local Interfaces, All VPN Tunnels, Trusted_VPN_Users
Service: Any
Action: Allow

Is that right?
  •  
Kerio/GFI Brian

Yes, this looks right. You probably don't need to include the firewall in your first rule unless they need to resolve the hostname of the FM server.

Brian Carmichael
Instructional Content Architect
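
The effect of the change discussed above can be checked with a small model. This is an added example, not part of any post in the thread and not Kerio code: it assumes a simplified matcher (traffic passes when any Allow rule matches source, destination and service, otherwise it is dropped), and the endpoint labels and the "SMB" service name are constructed for illustration.

```python
# Simplified model (an assumption, not Kerio's matching engine): traffic is allowed
# when any Allow rule matches its source, destination and service; otherwise dropped.
ANY = "Any"

def rule(members, service):
    # The rules posted in the thread list the same objects as Source and Destination.
    return {"src": set(members), "dst": set(members), "service": service}

def allowed(rules, src, dst, service):
    return any(r["src"] & src and r["dst"] & dst and r["service"] in (ANY, service)
               for r in rules)

# Objects each endpoint belongs to (constructed labels for illustration).
RESTRICTED = {"VPN clients", "Restricted_VPN_Users"}
TRUSTED = {"VPN clients", "Trusted_VPN_Users"}
FM_SERVER = {"Trusted/Local Interfaces", "FM_Server_IP"}
OTHER_LAN = {"Trusted/Local Interfaces"}

FM_RULE = rule(["Firewall", "Restricted_VPN_Users", "FM_Server_IP"], "FM_Server_Services")
LOCAL = ["Firewall", "Trusted/Local Interfaces", "All VPN Tunnels"]
BEFORE = [FM_RULE, rule(LOCAL + ["VPN clients"], ANY)]       # default Local traffic rule
AFTER = [FM_RULE, rule(LOCAL + ["Trusted_VPN_Users"], ANY)]  # rule set from the thread

FLOWS = {
    "restricted -> FileMaker (FM service)": (RESTRICTED, FM_SERVER, "FM_Server_Services"),
    "restricted -> FileMaker host (SMB)": (RESTRICTED, FM_SERVER, "SMB"),
    "restricted -> other LAN host (SMB)": (RESTRICTED, OTHER_LAN, "SMB"),
    "trusted -> other LAN host (SMB)": (TRUSTED, OTHER_LAN, "SMB"),
}

def audit(rules):
    # Map each sample flow to True (allowed) or False (dropped).
    return {name: allowed(rules, *flow) for name, flow in FLOWS.items()}

if __name__ == "__main__":
    for label, rules in (("before", BEFORE), ("after", AFTER)):
        for name, ok in audit(rules).items():
            print(f"{label:6} {name:40} {'ALLOW' if ok else 'DENY'}")
```

With "VPN clients" still in the Local traffic rule, the restricted group reaches every LAN host; after the replacement only the FileMaker service flow survives for that group.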
  •  
ali.niksirat

Hi guys,
I ran into a problem.
I set up Kerio Connect in a set and cannot connect as a client with PPTP or VPN on Windows.
Can someone guide us?