On a USG2210, the requirement was that only certain public IP addresses be allowed to establish a VPN dial-up connection and all others be refused. An ACL was configured to enforce this restriction, but it had no effect.
Handling process:
1. Checked the ACL's content and format in detail; both were correct and matched the actual requirement.
2. Checked where the ACL was applied and found it was applied to the wrong interzone. Analysis: outside users dial in to the VPN, and the dial-up terminates in the firewall's local zone. The ACL had been applied to the untrust-trust interzone; after it was applied to the untrust-local interzone instead, testing showed that the ACL took effect.
Possible root causes:
1. The ACL configuration is incorrect.
2. The ACL was not applied successfully (applied to the wrong interzone).
Summary: once the L2TP VPN dial-up principle is understood, implementing the customer's restriction becomes straightforward. VPN dial-up traffic enters the firewall's local zone from the untrust zone, so an ACL that restricts particular public IPs must be applied to the untrust-local interzone, not the untrust-trust interzone.
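The following configuration fragment is an added illustration of the wrong and the corrected placement described above; it is not taken from the original case or from Huawei documentation. It is written in the style of the USG2200-series VRP CLI from memory, so the exact command names (acl number, rule, firewall interzone, packet-filter) are assumptions to be checked against the device's own help, and 203.0.113.10 is a constructed documentation-range address standing for the one public IP allowed to dial in. L2TP control and data traffic uses UDP port 1701.

```text
# Added example, not the case's own configuration. Command syntax assumed
# (USG2200-series VRP style); verify on the device before use.
# 203.0.113.10 = constructed address of the one permitted dial-up peer.

acl number 3000
 rule 5 permit udp source 203.0.113.10 0 destination-port eq 1701
 rule 10 deny udp destination-port eq 1701
# Anything not matched here falls through to the interzone default policy.

# Wrong placement (what was found in the case): the untrust-trust
# interzone only sees traffic transiting the firewall toward trust,
# so an L2TP tunnel terminating on the firewall never hits this ACL.
firewall interzone untrust trust
 packet-filter 3000 inbound

# Corrected placement: L2TP dial-up terminates on the firewall itself,
# so traffic from untrust into the local zone is what must be filtered.
firewall interzone untrust local
 packet-filter 3000 inbound
```

After applying the corrected placement, confirm the result the same way the case did: attempt a dial-up from an allowed and from a disallowed public address and check the ACL match counters (for example with display acl 3000, assuming that command is available on the device) to see that hits are now being recorded on the untrust-local rules.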