First of all, the legend:
There are a Balance 2500 (7.0.1) and about 60 HD4s (6.3.2). There is a PepVPN with SpeedFusion from each HD4 to the Balance. The Balance is connected to the internet via a WAN port, and the same port is used for inbound PepVPN tunnels. Each HD4 has its own 2 VLANs with custom IP pools. Clients of the 1st VLAN should have full access to the internet and access only to certain hosts inside the corporate net. There are no restrictions for clients of the 2nd VLAN.
I can create Access Rules on each HD4, but it's really dumb work.
I see only two ways:
- Access Rules on the Balance, since it's the concentrator of the tunnels. But this idea doesn't work, because the traffic isn't passing through: it comes in and goes out on the same port (it looks like). I've already tried setting rules, with nothing as a result.
- An ACL sample that would be shared via IC2 or some other way. Is there any "other" way?
How can I isolate clients of the 1st VLAN from the bigger part of the corporate network, but let them connect to certain hosts inside it, without limiting internet access and without creating rules on each HD4 manually?
Thank you for participating.
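Added example (not from the post or from Peplink): a Python model of the ordered, first-match rule set the question describes, using constructed VLAN, corporate and whitelist addresses. It shows the one thing that has to be right whether the rules end up on each HD4 or pushed from IC2: the host allows must sit above the corporate deny, and the internet allow below it.

```python
from ipaddress import ip_address, ip_network

# Constructed sample addressing (assumptions, not from the post): one HD4's
# two VLANs, the corporate range, and the corporate hosts VLAN 1 may reach.
VLAN1 = ip_network("10.10.1.0/24")        # restricted clients
VLAN2 = ip_network("10.10.2.0/24")        # unrestricted clients
CORPORATE = ip_network("10.0.0.0/8")      # whole corporate net (assumed)
ALLOWED_HOSTS = [ip_network("10.0.5.10/32"), ip_network("10.0.5.11/32")]
ANY = ip_network("0.0.0.0/0")

# Ordered, first-match access rules: (source, destination, action).
# Order matters: the host allows must come BEFORE the corporate deny, and the
# internet allow only applies to destinations the deny did not catch.
RULES = (
    [(VLAN1, h, "allow") for h in ALLOWED_HOSTS]
    + [(VLAN1, CORPORATE, "deny"),
       (VLAN1, ANY, "allow"),               # VLAN 1 -> internet
       (VLAN2, ANY, "allow")]               # VLAN 2 unrestricted
)


def evaluate(src: str, dst: str, rules=RULES, default: str = "deny") -> str:
    """Return the action of the first rule matching src -> dst.

    `default` is the action when nothing matches; it is an assumption of this
    model, not a statement about the firmware's own default rule.
    """
    s, d = ip_address(src), ip_address(dst)
    for src_net, dst_net, action in rules:
        if s in src_net and d in dst_net:
            return action
    return default


def misordered_rules():
    """The same rules with the corporate deny moved to the top.

    The host whitelist becomes unreachable: a typical mistake when rules are
    copied by hand to many units.
    """
    return [(VLAN1, CORPORATE, "deny")] + [r for r in RULES if r[2] != "deny"]


def audit(rules=RULES):
    """Check the intended policy against a constructed set of flows."""
    expected = {
        ("10.10.1.5", "10.0.5.10"): "allow",   # whitelisted corporate host
        ("10.10.1.5", "10.0.9.9"): "deny",     # rest of corporate net
        ("10.10.1.5", "198.51.100.7"): "allow",  # internet
        ("10.10.2.5", "10.0.9.9"): "allow",    # VLAN 2 unrestricted
    }
    return {f: evaluate(*f, rules) == want for f, want in expected.items()}
```

Running `audit(misordered_rules())` flags the whitelisted-host flow as failing, which is the check worth applying to whatever shared template is eventually used.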