SSL VPN
Trusted Contributor
Mrkool

Network Connect Access Control - inbound ACL

So I am setting up something in my lab and ran into an issue that I can't find a solution for.


1. I want to do a full tunnel and allow the users who log in to access specific servers.

2. I want all internal (on my company's network) computers to be able to connect to the Network Connected computers, but the Network Connected computers should not be able to initiate a connection to all of my internal (on my company's network) computers except the ones I specified in step 1.

If I set up the ACL policy like

10.x.x.x:81

10.x.x.x:8443

etc.

this solves part of the problem. But where do I allow the inbound traffic? All the inbound traffic from the internal network to the Network Connected computers is blocked by the IVE. I know this because there is no firewall in this lab setup between my internal network and the Network Connected IP addresses.

The only way I can allow internal computers to talk to the Network Connected computers is by adding the specific IP address of the internal computer and specifying 10.1.2.3:*, or if I use *:* as the policy.

SA-6500 (7.3R3) Production
MAG 4610 (7.4) Lab
Moderator
zanyterp

Re: Network Connect Access Control - inbound ACL

You need to allow all ports from the servers. The ACL is for both inbound & outbound connections; inbound requires * as you can't control the inbound port.
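As an added illustration (not Juniper's code and not from this thread), the following Python models the ACL behaviour zanyterp describes: each host:port policy is checked against the remote, non-NC end of a connection regardless of which side initiated it, so an inbound connection from an internal host arrives from an ephemeral source port that only a * port policy can match. The policy strings, addresses and ports are constructed for the example.

```python
# Added illustration only: a model of the NC ACL behaviour described in
# this thread, not Juniper's implementation. Policy strings, addresses
# and ports below are constructed for the example.
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    host: str  # IPv4 address, CIDR block, or "*"
    port: str  # fixed TCP/UDP port such as "81", or "*"

    def matches(self, remote_ip: str, remote_port: int) -> bool:
        host_ok = self.host == "*" or ipaddress.ip_address(remote_ip) in \
            ipaddress.ip_network(self.host, strict=False)
        port_ok = self.port == "*" or int(self.port) == remote_port
        return host_ok and port_ok


def parse_policy(text: str) -> Policy:
    """Parse a 'host:port' resource string such as '10.1.2.3:81'."""
    host, _, port = text.rpartition(":")
    return Policy(host, port)


def nc_allows(policies, remote_ip: str, remote_port: int) -> bool:
    """The ACL is evaluated against the remote (non-NC) endpoint of every
    connection, whichever side initiated it (allow-list semantics)."""
    return any(p.matches(remote_ip, remote_port) for p in policies)


def outbound_allowed(policies, server_ip: str, server_port: int) -> bool:
    """NC client initiates to a server: remote end is server_ip:server_port."""
    return nc_allows(policies, server_ip, server_port)


def inbound_allowed(policies, server_ip: str, server_src_port: int) -> bool:
    """Internal host initiates to the NC client: the remote end is the
    server's ephemeral source port, which a fixed-port policy never names."""
    return nc_allows(policies, server_ip, server_src_port)


if __name__ == "__main__":
    fixed = [parse_policy("10.1.2.3:81")]
    wild = [parse_policy("10.1.2.3:*")]
    print(outbound_allowed(fixed, "10.1.2.3", 81))    # True
    print(inbound_allowed(fixed, "10.1.2.3", 49152))  # False: blocked by the IVE
    print(inbound_allowed(wild, "10.1.2.3", 49152))   # True
    print(outbound_allowed(wild, "10.1.2.3", 22))     # True: wildcard opens every port
```

The last line is the trade-off behind ruc's answer: the only policy that lets the server reach the NC client also lets the NC client reach every port on that server, so an asymmetric inbound-only rule cannot be expressed in the NC ACL itself.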
Moderator
ruc

Re: Network Connect Access Control - inbound ACL

NC ACL functionality will not be able to achieve what you need. You will need an external firewall for such ACL control.


http://kb.juniper.net/InfoCenter/index?page=content&id=KB20394


Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.