How to allow the remote VPN network to access specific local server only?


A VPN provides a convenient and secure connection between a local network and a remote network. Once the VPN is up, the remote network can access all the devices in the local network and vice versa. But what if we want only one specific server to be accessible from the remote VPN network? This document demonstrates how to restrict remote VPN users to a specific local server so that they cannot reach the rest of the network devices. Vigor Router can do this either by VPN configuration or by Firewall rule. Below is the example:

   

 

Method 1: By VPN Configurations

1. On the VPN LAN to LAN profile of the Vigor Router in Branch Office, change the remote network IP from the whole network to the server's IP only.

   

 

2. On the VPN LAN to LAN profile of the Vigor Router in Head Office, change the local network IP from the whole network to the server's IP only.

   

 

3. When the VPN is up, the Branch Office router will have a route only to the server IP 192.168.188.10/32, so clients in the Branch Office can access the server but cannot access the other devices.

   

 

 

Method 2: By Firewall Rule

1. We can create firewall rules on the head office router to limit connections from the branch office. Go to the Objects Setting >> IP Object page and click an available index to create an IP Object profile for the local server:

a. Enter Name

b. Select "LAN/DMZ/RT/VPN" as Interface

c. Select Address Type as "Single" and then enter the server IP address 192.168.188.10

d. Click OK to Save

   

 

2. Click another available index to create an IP Object profile for the branch VPN network:

a. Enter Name

b. Select "LAN/DMZ/RT/VPN" as Interface

c. Select "Subnet" as Address Type and then enter the IP address 192.168.1.0 and Subnet Mask 255.255.255.0

d. Click OK to Save

   

 

3. Go to the Firewall >> Filter Setup >> Default Data Filter page and click an available profile to create a Firewall rule that passes packets from the branch office to the head office server.

a. Enable this Firewall rule

b. Enter Profile Name

c. Direction: LAN/DMZ/RT/VPN → LAN/DMZ/RT/VPN

d. Source IP: Select the IP object we created for the branch VPN network

e. Destination IP: Select the IP object we created for the local server

f. Filter: Pass Immediately

   

Note: We can specify the Service Type here if we want only a specific service port of the server to be accessible from the remote VPN network.

 

4. Click another index to create an IP Filter rule that blocks packets from the branch office to the other IP addresses. The index number should be larger than the one created in step 3.

a. Enable this Firewall rule

b. Enter Profile Name

c. Direction: LAN/DMZ/RT/VPN → LAN/DMZ/RT/VPN

d. Source IP: Select the IP object we created for the branch VPN network

e. Destination IP: Any

f. Filter: Block Immediately

   

 

5. We can check the Firewall log on the Diagnostics >> Syslog Explorer page to see if the blocking is successful.
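The rule order required in step 4 can be checked offline with a simplified first-match model of the two rules. This is an added example, not DrayTek code: it assumes "Pass Immediately" and "Block Immediately" stop evaluation at the first matching rule and that unmatched traffic is passed by default. The rule names and sample flows are constructed; only 192.168.1.0/24 and 192.168.188.10 come from the steps above.

```python
import ipaddress

# Objects from steps 1 and 2 (the page's own addresses).
BRANCH = ipaddress.ip_network("192.168.1.0/24")
SERVER = ipaddress.ip_network("192.168.188.10/32")
ANY = ipaddress.ip_network("0.0.0.0/0")

# Rules from steps 3 and 4; the names are hypothetical labels.
PASS_RULE = {"name": "pass-branch-to-server", "src": BRANCH, "dst": SERVER, "action": "pass"}
BLOCK_RULE = {"name": "block-branch-to-any", "src": BRANCH, "dst": ANY, "action": "block"}


def evaluate(rules, src, dst, default="pass"):
    """Return (action, rule name) of the first rule matching src -> dst.

    Assumption: evaluation stops at the first match and unmatched
    packets get the default action.
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if s in rule["src"] and d in rule["dst"]:
            return rule["action"], rule["name"]
    return default, "default"


def audit(rules, flows):
    """Return the flows whose actual action differs from the intended one."""
    return [(src, dst, want, evaluate(rules, src, dst)[0])
            for src, dst, want in flows
            if evaluate(rules, src, dst)[0] != want]


# Constructed sample flows: (source, destination, intended action).
FLOWS = [
    ("192.168.1.25", "192.168.188.10", "pass"),    # branch client -> server
    ("192.168.1.25", "192.168.188.20", "block"),   # branch client -> other host
    ("192.168.1.25", "192.168.188.1", "block"),    # branch client -> other address
    ("192.168.188.50", "192.168.188.10", "pass"),  # head office client, no rule applies
]

if __name__ == "__main__":
    for label, rules in (("step 3 before step 4", [PASS_RULE, BLOCK_RULE]),
                         ("step 4 before step 3", [BLOCK_RULE, PASS_RULE])):
        print(label, "->", audit(rules, FLOWS) or "all flows match intent")
```

With the block rule at the lower index, the branch-to-server flow is reported as blocked, which is why the pass rule must come first.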

   

 
