The customer requires SSL VPN access for its employees and for a third-party supplier, with a different network extension for each type of user:
- Employees need to reach internal networks A and B
- The supplier needs to reach internal network B only
First, follow this configuration example. Then add the configurations below to meet the customer's requirement.
1, Add an authentication policy for the network extension IP pool.
2, In the network extension, add networks A and B to the accessible private network segment list.
3, In the security policy, add a rule that denies the supplier access to network A.
1, Create the groups and users in the domain.
2, Create the SSL VPN through the web UI.
3, Bind an IP pool (starting at 10.1.1.1) to group1 (employees). Bind a separate, non-overlapping pool to the supplier group in the same way, because the security policy in step 4 identifies suppliers by their pool addresses.
[sysname] v-gateway abc - enter the SSL VPN virtual gateway view
[sysname-abc] service - enter the service view (the prompt shown on the next line)
[sysname-abc-service] network-extension netpool 10.1.1.1 10.1.1.10 255.255.255.0 - create the IP pool for group1
[sysname-abc-service] quit
[sysname-abc] vpndb - enter the user database view
[sysname-abc-vpndb] group /default/group1 - add the group to the virtual gateway
[sysname-abc-vpndb] group /default/group1 network-extension netpool 10.1.1.1 - bind the IP pool to the group
[sysname-abc-vpndb] display group - list the groups in the virtual gateway
[sysname-abc-vpndb] display user - list the users
[sysname-abc-vpndb] display group /default/group1 - display detailed information about the user group, including whether it is bound to a virtual IP address segment
4, Create a security policy that denies traffic from the supplier IP pool (the pool bound to the supplier group) to network A.
Source: the supplier IP pool; destination: network A; action: deny. Security policies are matched top-down, so this deny rule must be placed above the rule that permits VPN users to reach the private networks.
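To check the design before touching the firewall, the following added Python model (not part of this example or of the device's software) evaluates the two pools against an ordered rule list the way a top-down security policy does, and shows that reversing the rule order would let the supplier reach network A. The addresses of networks A and B and the supplier pool are constructed placeholders; only the employee pool 10.1.1.1-10.1.1.10 comes from the example.

```python
import ipaddress

# Constructed values: the example does not state the addresses of A, B or the supplier pool.
NETWORK_A = ipaddress.ip_network("192.168.10.0/24")   # assumed address of network A
NETWORK_B = ipaddress.ip_network("192.168.20.0/24")   # assumed address of network B
EMPLOYEE_POOL = (ipaddress.ip_address("10.1.1.1"), ipaddress.ip_address("10.1.1.10"))  # from the example
SUPPLIER_POOL = (ipaddress.ip_address("10.1.2.1"), ipaddress.ip_address("10.1.2.10"))  # assumed

# Ordered security policy: (name, source pool or None for any, destination network or None for any, action)
RULES = [
    ("deny_supplier_to_A", SUPPLIER_POOL, NETWORK_A, "deny"),
    ("permit_vpn_to_private", None, None, "permit"),
]


def in_pool(addr, pool):
    """True when addr lies inside the inclusive start/end pool range."""
    return pool[0] <= addr <= pool[1]


def pools_overlap(p, q):
    """Two inclusive ranges overlap when neither ends before the other starts."""
    return p[0] <= q[1] and q[0] <= p[1]


def evaluate(src, dst, rules=RULES):
    """Return (action, rule_name) for the first matching rule; implicit deny if none matches."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for name, pool, net, action in rules:
        if pool is not None and not in_pool(src, pool):
            continue
        if net is not None and dst not in net:
            continue
        return action, name
    return "deny", "default"


def verify_design():
    """Check the customer's requirement for one host in each pool and both networks."""
    employee, supplier = "10.1.1.5", "10.1.2.5"
    host_a, host_b = "192.168.10.7", "192.168.20.7"
    return (
        not pools_overlap(EMPLOYEE_POOL, SUPPLIER_POOL)
        and evaluate(employee, host_a)[0] == "permit"
        and evaluate(employee, host_b)[0] == "permit"
        and evaluate(supplier, host_a)[0] == "deny"
        and evaluate(supplier, host_b)[0] == "permit"
    )
```

Running `evaluate("10.1.2.5", "192.168.10.7", rules=list(reversed(RULES)))` returns a permit, which is the misconfiguration a supplier-first deny rule placed below the general permit would produce.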