VPNclient and access to LAN.

I would create 3 types of access to my LAN behind my router.

1) powerful access: it means the user can access the LAN over IP and can surf the Internet (even if not secure);

2) powerful access to LAN: it means the user cannot surf the Internet but can communicate with any PC on the LAN on every port and IP (everything over the IP protocol is allowed);

3) restricted access to LAN: it means the user cannot surf the Internet and his/her access to the LAN must be subject to constraints.

Using the "acl" option in the client's section is not a good idea as it marks traffic to be protected. So I cannot use it for people belonging to the 1st group, otherwise they will be permitted to surf the Internet.

I ought to apply rules concerning VPN clients directly to the outside interface, but they will be mixed with other rules applied on that interface.

Is there a prettier way? Should I use route maps? And how?

Moreover, say the LAN beyond the router is 192.168.20.0/24: do you think it is a good idea to reserve a subnet (e.g. 192.168.20.128/28) for VPN clients? Doing that also requires specifying a route towards that range pointing to the outside interface.

Sorry for the long post.

Alex.


Sorry, I was wrong. 3rd group and not the 1st...
