I have an edge MX connected directly to an MS425, and all my server farm is connected to the MS425.
The VPN client is using the 172.16.100.0/24 subnet, and all remote users have access to all servers' traffic via this subnet.
Now I have decided to restrict some remote users from going everywhere, but how? I have no ACL in the VPN client. Also, I have no option to set a static VPN client IP for users; it looks like the VPN client in the MX just does DHCP without any options?!
Thanks for your support.
Maybe my bad; my question is how to control the IP, since the VPN client does not give me an option to control it.
The problem is still there, because if I assign an IP to the user via policy, I can't control the VPN client subnet to avoid assigning the same IP to another machine via auto DHCP in the VPN client.
Why would you need to control the IP address that the client VPN user gets? Client VPN users will get unique IP addresses.
Just specify the firewall policy in the group policy to control what they can access.
Because we have many different servers/resources and remote users need to connect to specific different servers, I need to filter them via IP in an ACL. At the moment, because we have no control of the VPN client subnet, we cannot do it.
The VPN client IP is like a DHCP server with no options.
Because the user is pulling an IP from the VPN client DHCP, the user has one IP when they connect to the VPN and the next time it changes, so I cannot make an ACL based on IP.
Filter them using group policy. The firewall policy is then applied to their connection and it does not matter what IP address they get assigned.