I am building a large hub and spoke network, and absolutely cannot allow different remote offices to “see” each other, as they are different customers.
But - I wish to use a PEPVPN connection from my office AND PPTP remote access to be able to access the entire network for support purposes.
There are two problems:
- The PPTP remote access is considered a “VLAN”, so if allow intervlan traffic is blocked then the PPTP user cannot access any remote site, or even the local LAN IPs. I am asking that there be an override control to allow this even if inter-vlan traffic is blocked.
- The intervlan allow/deny is global. It would be very useful to have a global allow/deny, then an overriding allow on each VPN. i.e. set global to deny, but go into profile REMOTE17 and be able to list others to be allowed.
#1 is the priority for me, but #2 would also be useful.