BOVPN policy from "Tunnel Address" using "Any-BOVPN"
I just tried to set up an advanced ingoing policy for our BOVPNs.
Assuming there are 3 active tunnels:
We also have a group of privileged users (group privileged-users) that should be allowed to access our local resources in a "trusted" network via those BOVPN tunnels.
So my approach was to set up a new policy (call it
To: Any-Trusted (for testing purposes)
With this setup the policy is NOT applied to (e.g.) an authenticated user from office-a.tun. However, if I change the From member to: Tunnel-Address with the same User/Group but the specific Tunnel, e.g. office-a.tun, it's working fine.
This is not how I interpret the alias ANY-BOVPN and would require us to add a From member for each BOVPN (in fact, there are a lot...)
Any thoughts on this?