Restrict VPN user to specific LAN IP? (Kerio User Forums, Kerio Control)
  •  
ericbullock

Is there a way in Control to set up a VPN connection such that a specific user only has access to a specific resource? For example, I would like to give a remote user secure access to a FileMaker server on our LAN...and NOTHING else.

Is this possible?
  •  
bm

Easy...

Source: Firewall, VPN_User, FM_Server_IP
Destination: Firewall, VPN_User, FM_Server_IP
Service: FM_Server_Services
Action: Allow
  •  
Brian (GFI/Kerio)

Note that you also must remove "VPN clients" from the default "Local traffic" rule.

Brian Carmichael
Instructional Content Architect
  •  
ericbullock

Thanks Brian and bm! I will experiment with this later. I appreciate the guidance!
  •  
ericbullock

Brian, if I remove "VPN clients" from the default Local Traffic rule, will ALL of my VPN clients be restricted to only the FileMaker server? Basically I want 99% of my users to be able to access the entire LAN and that other 1% to only have access to FileMaker. I've created two user groups...one with all the members I want to have un-restricted access, and another group of users that I only want to have access to FileMaker.
  •  
Brian (GFI/Kerio)

In that case, remove 'VPN clients' in the local traffic rule and replace it with the user group that contains the un-restricted users.
Then add another rule that allows access from your restricted group to the FileMaker server.

Brian Carmichael
Instructional Content Architect
  •  
ericbullock

OK, so what I have now is this.

Rule for allowing "restricted" users access to FileMaker:

Source: Firewall, Restricted_VPN_Users, FM_Server_IP
Destination: Firewall, Restricted_VPN_Users, FM_Server_IP
Service: FM_Server_Services
Action: Allow

Default Local Traffic Rule:

Source: Firewall, Trusted/Local Interfaces, All VPN Tunnels, Trusted_VPN_Users
Destination: Firewall, Trusted/Local Interfaces, All VPN Tunnels, Trusted_VPN_Users
Service: Any
Action: Allow

Is that right?
  •  
Brian (GFI/Kerio)

Yes, this looks right. You probably don't need to include the firewall in your first rule unless they need to resolve the hostname of the FM server.

Brian Carmichael
Instructional Content Architect
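
A small model of the rule sets discussed in this thread, added as an illustration (not code from Kerio or from any poster): it shows why leaving "VPN clients" in the Local traffic rule defeats the restriction. It assumes rules act as ordered allow rules with unmatched traffic denied; the endpoint memberships and the "SMB" service name are constructed.

```python
# Added illustration, not Kerio Control code: the thread's rules modelled as
# ordered allow rules with everything unmatched denied (assumption).
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    members: frozenset   # the thread's rules list the same objects as source and destination
    services: frozenset  # {"Any"} matches every service

# Constructed endpoints: each is the set of rule objects it would match.
RESTRICTED_USER = frozenset({"VPN clients", "Restricted_VPN_Users"})
TRUSTED_USER = frozenset({"VPN clients", "Trusted_VPN_Users"})
FM_SERVER = frozenset({"Trusted/Local Interfaces", "FM_Server_IP"})
OTHER_LAN_HOST = frozenset({"Trusted/Local Interfaces"})

FM_RULE = Rule("FileMaker for restricted users",
               frozenset({"Firewall", "Restricted_VPN_Users", "FM_Server_IP"}),
               frozenset({"FM_Server_Services"}))

def local_traffic(vpn_object):
    """Local traffic rule with the given object in the VPN-user slot."""
    return Rule("Local traffic",
                frozenset({"Firewall", "Trusted/Local Interfaces",
                           "All VPN Tunnels", vpn_object}),
                frozenset({"Any"}))

def first_match(rules, src, dst, service):
    """Name of the first allow rule matching the flow, or None (denied)."""
    for rule in rules:
        if (src & rule.members and dst & rule.members
                and rule.services & {"Any", service}):
            return rule.name
    return None

def audit(rules):
    """Check the flows the thread cares about; "SMB" is a constructed service."""
    flows = {
        "restricted -> FileMaker": (RESTRICTED_USER, FM_SERVER, "FM_Server_Services"),
        "restricted -> FM server, other service": (RESTRICTED_USER, FM_SERVER, "SMB"),
        "restricted -> other LAN host": (RESTRICTED_USER, OTHER_LAN_HOST, "SMB"),
        "trusted -> other LAN host": (TRUSTED_USER, OTHER_LAN_HOST, "SMB"),
    }
    return {name: first_match(rules, *flow) for name, flow in flows.items()}

BEFORE = [FM_RULE, local_traffic("VPN clients")]       # default rule left as-is
AFTER = [FM_RULE, local_traffic("Trusted_VPN_Users")]  # Brian's suggested change

if __name__ == "__main__":
    for label, rules in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(rules))
```

A `None` result means no allow rule matched; in the "before" set the restricted user's non-FileMaker flows come back as "Local traffic", which is the leak Brian's change closes.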
  •  
ali.niksirat

Hi guys,
I ran into a problem.
I set up Kerio Connect in a set and cannot connect as a client with PPTP or VPN on Windows.
Can someone guide us?