Title: Message

Thanks, I did not think of that.

 

John Tolmachoff

IT Manager, Network Engineer

RelianceSoft, Inc.

Fullerton, CA  92835

www.reliancesoft.com

 

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jesper Bach
Sent: Sunday, October 06, 2002 10:39 PM
To: [EMAIL PROTECTED]
Subject: RE: [SonicWALL]- Restrict access from one computer in remote

 

At the remote office you could create a separate SA for the main office LAN and one for the main office DMZ.

 

At the main office, terminate the SA for the DMZ at DMZ, and the SA for the LAN terminates at the LAN.

 

At the main office, at the SA terminating on the LAN, add only the allowed remote hosts (two) as destination addresses with subnet mask 255.255.255.255 (equals a host entry), allowing only those two hosts to reach the main office LAN.

 

At the main office, at the SA terminating on the DMZ, add the whole LAN IP range for the remote office, allowing all remote hosts to reach the DMZ.

 

/jesper

 

 

 -----Original Message-----
From: John Tolmachoff [mailto:[EMAIL PROTECTED]]
Sent: 6 October 2002 01:14
To: [EMAIL PROTECTED]
Subject: RE: [SonicWALL]- Restrict access from one computer in remote

How about, would a rule like this work:

 

Deny   Default          From LAN (the specific IP of that computer)         To LAN (IP range of the corporate domain)

 

John Tolmachoff

IT Manager, Network Engineer

RelianceSoft, Inc.

Fullerton, CA  92835

www.reliancesoft.com

 

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of John Tolmachoff
Sent: Friday, October 04, 2002 1:04 PM
To: [EMAIL PROTECTED]
Subject: [SonicWALL]- Restrict access from one computer in remote
Importance: High

 

Is it possible to restrict access from one computer in a remote office going through a VPN to the main office from having access to the LAN?

 

Scenario:

 

Remote office has TELE3 with 2 computers that are members of the domain at the Main office.

 

The main office has a PRO 100, with a LAN domain on the LAN port and a Public IP DMZ on the DMZ port.

 

We want to add a 3rd computer on the TELE3 for the purpose of running a program that is a bar code scanner that will update the SQL server in the DMZ.

 

The current VPN allows full access to LAN and DMZ.

 

Thought is for security, to only allow that program to connect to the SQL server through the VPN, but not necessarily trust the user to be on the domain or access the LAN.

 

Any thoughts or ideas?

 

John Tolmachoff

IT Manager, Network Engineer

RelianceSoft, Inc.

Fullerton, CA  92835

www.reliancesoft.com
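
The two-SA layout suggested in the reply above, modelled as an added example that is not part of the original thread and is not SonicWALL configuration: it checks which remote hosts match which SA. All IP addresses and the names `matching_sa` and `reachability` are constructed assumptions, since the thread gives no addressing.

```python
import ipaddress

# Constructed addressing (the thread gives no IPs); every value is an assumption.
REMOTE_LAN = ipaddress.ip_network("192.168.10.0/24")  # remote office behind the TELE3
MAIN_LAN = ipaddress.ip_network("10.0.0.0/24")        # main office LAN port
MAIN_DMZ = ipaddress.ip_network("203.0.113.0/28")     # main office DMZ port
DOMAIN_PCS = ["192.168.10.11", "192.168.10.12"]       # the two domain members
SCANNER_PC = "192.168.10.13"                          # third computer (bar code scanner)

# Each SA at the main office: the local network it terminates on and the
# remote networks entered as its destination addresses. The LAN SA lists the
# two allowed hosts with mask 255.255.255.255 (host entries); the DMZ SA
# lists the whole remote office range.
SAS = {
    "LAN": {"local": MAIN_LAN,
            "remote": [ipaddress.ip_network(h + "/255.255.255.255")
                       for h in DOMAIN_PCS]},
    "DMZ": {"local": MAIN_DMZ, "remote": [REMOTE_LAN]},
}

def matching_sa(src, dst):
    """Return the name of the SA whose selectors cover src -> dst, or None."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for name, sa in SAS.items():
        if d in sa["local"] and any(s in net for net in sa["remote"]):
            return name
    return None  # no SA matches, so the traffic is not carried over the VPN

def reachability(hosts, targets):
    """Build {host: {target name: SA name or None}} for a quick audit."""
    return {h: {t: matching_sa(h, ip) for t, ip in targets.items()}
            for h in hosts}

if __name__ == "__main__":
    # Constructed sample targets at the main office.
    targets = {"LAN file server": "10.0.0.5", "DMZ SQL server": "203.0.113.4"}
    for host, row in reachability(DOMAIN_PCS + [SCANNER_PC], targets).items():
        print(host, row)
```
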

 
