Considerations for remote access VPN
The preceding example can be extended by adding a separate zone to handle remote access VPN users. VPN users are treated like users in the private zone (though it is not necessary to do so). To this end, a separate VPN zone is created and policies are applied to it just as they are for private zone users.
One difference between VPN users and private zone users is that every remote access VPN user who connects to the vRouter is presented as a separate L2TP or PPTP interface. Each of these interfaces is therefore defined as “l2tp” or “pptp”, which means it can be either an L2TP or PPTP interface.
The following example assumes that no interaction is required between the VPN zone and the private zone. This configuration shows each of the zones now that the VPN zone has been added.
Step | Command |
---|---|
Show the VPN zone policy configuration. The interface l2tp+ command means any L2TP connection. The interface pptp+ command means any PPTP connection. | |
Show the DMZ policy configuration (the from vpn section has been added). | |
Show the private zone policy configuration (no changes to the private zone as there is no traffic between the private and VPN zones). | |
Show the public zone policy configuration (the from vpn section has been added). | |
Show the local zone policy configuration (the from vpn section has been added). | |
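The following Python sketch is an added example, not vRouter configuration or code from the original page. It models the zone layout described above to check that dynamically created VPN interfaces land in the VPN zone and that no from section links the VPN and private zones. The eth* interface names, the l2tp0/pptp3 style interface names, the from pairs other than those involving vpn, and the drop verdict for zone pairs without a from section are assumptions.

```python
# Constructed model of the zone layout described above. The eth* names and
# the non-VPN "from" pairs are assumptions, not values taken from the page.
ZONES = {
    "vpn":     {"interfaces": ["l2tp+", "pptp+"], "from": {"dmz", "public", "local"}},
    "private": {"interfaces": ["eth1"], "from": {"dmz", "public", "local"}},
    "dmz":     {"interfaces": ["eth2"], "from": {"private", "public", "local", "vpn"}},
    "public":  {"interfaces": ["eth0"], "from": {"private", "dmz", "local", "vpn"}},
    "local":   {"interfaces": [], "from": {"private", "dmz", "public", "vpn"}},
}


def matches(pattern, ifname):
    """A trailing '+' is read as 'any interface whose name has this prefix'."""
    if pattern.endswith("+"):
        return ifname.startswith(pattern[:-1])
    return ifname == pattern


def zone_of(ifname, zones=ZONES):
    """Return the single zone that claims ifname, or None if it is unassigned."""
    hits = [name for name, cfg in zones.items()
            if any(matches(p, ifname) for p in cfg["interfaces"])]
    if len(hits) > 1:
        raise ValueError(f"{ifname} is claimed by several zones: {hits}")
    return hits[0] if hits else None


def verdict(src_if, dst_if, zones=ZONES):
    """Classify a flow as 'same-zone', 'policy' (a from section exists) or 'drop'."""
    src, dst = zone_of(src_if, zones), zone_of(dst_if, zones)
    if src is None or dst is None:
        return "drop"  # assumption: unassigned interfaces cannot reach zoned ones
    if src == dst:
        return "same-zone"
    return "policy" if src in zones[dst]["from"] else "drop"


def isolation_violations(a, b, zones=ZONES):
    """List every from section that links zones a and b, in either direction."""
    return [f"{dst} from {src}" for src, dst in ((a, b), (b, a))
            if src in zones[dst]["from"]]
```

An empty result from `isolation_violations("vpn", "private")` confirms the intended separation; any entry it returns names the from section to remove.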