BOVPN Restricting to specific IP addresses
BOVPN configured between two sites
Site A - Firebox T30-W - 12.5.5.B630561 - 10.0.30.0/24
Site B - Firebox T35W - 12.1.3.B563398 - 192.168.1.0/24
Gateway and tunnel defined.
In the tunnel definition when I set local and remote IP settings to Network IPv4 and define the two network segments the BOVPN connects and works perfectly. This however opens the BOVPN to all devices.
The BOVPN function is to provide a VPN for an offsite backup solution and ideally I want traffic restricted to the main server on Site B (192.168.1.1) and the offsite server on Site A (10.0.30.32). To achieve this I have changed the local and remote IPs in the tunnel definition to the respective IPv4 addresses - 192.168.1.1 and 10.0.30.32.
When I do this I do not get any traffic over the BOVPN between 192.168.1.1 and 10.0.30.32. Is this the correct way to try and restrict traffic, or should I replicate the BOVPN default firewall rule and set the appropriate IPs in the rule?
Thanks
Will
Comments
In the tunnel configuration, deselect 'Add this tunnel to the BOVPN-Allow policies' option, then just create the rules that you require for the specific traffic.
I would expect a single IP addr at each end BOVPN to work.
Did the change to a single IP addr happen at both ends?
The suggestion from MattS will work too.
MattS - The solution from MattS works. Many thanks.
Bruce - When I change to a single IP addr at each end of the BOVPN I get no traffic over the VPN.
Bruce - With confirmation that specifying a single IPv4 addr is the correct route I went back and rekeyed all of the tunnel information on both ends of the BOVPN. I am now getting traffic between the two servers.
Many thanks
Will
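The thread describes two ways to narrow a BOVPN to one host pair: tighten the tunnel route selectors (Bruce's approach, which only works once both ends carry mirrored selectors) or keep the network-wide tunnel and replace the BOVPN-Allow policies with a narrower rule (MattS's approach). The following Python model is an added example, not WatchGuard code or anything from the original thread; it assumes a simplified "traffic is carried if source is inside the local selector and destination inside the remote selector" rule and a simplified from/to policy match, and uses the addresses from the thread as constructed sample input.

```python
from ipaddress import ip_address, ip_network

# Constructed addresses taken from the thread.
# Firebox terms: a "Network IPv4" selector is the /24, a "Host IPv4" selector is a /32.
SITE_A_NET = ip_network("10.0.30.0/24")
SITE_B_NET = ip_network("192.168.1.0/24")
OFFSITE_SERVER = ip_network("10.0.30.32/32")   # Site A offsite backup server
MAIN_SERVER = ip_network("192.168.1.1/32")     # Site B main server


def tunnel_permits(routes, src, dst):
    """True if (src -> dst) is selected by any tunnel route on the sending end.

    routes: list of (local, remote) networks as configured on that Firebox.
    Simplified model (assumption): a packet enters the tunnel when src lies in
    local and dst lies in remote.
    """
    s, d = ip_address(src), ip_address(dst)
    return any(s in local and d in remote for local, remote in routes)


def ends_are_mirrored(site_a_routes, site_b_routes):
    """Consistency check for the symptom in the thread (no traffic at all).

    Every (local, remote) route on one end must appear as (remote, local) on
    the other; a selector changed on only one peer is a common reason the
    tunnel negotiates nothing for that pair.
    """
    mirrored = {(remote, local) for local, remote in site_b_routes}
    return set(site_a_routes) == mirrored


def policy_permits(policies, src, dst):
    """Simplified firewall policy match: (name, from_list, to_list) tuples."""
    s, d = ip_address(src), ip_address(dst)
    return any(
        any(s in f for f in froms) and any(d in t for t in tos)
        for _name, froms, tos in policies
    )


def traffic_allowed(routes, policies, src, dst):
    """Traffic must be both selected by the tunnel and permitted by a policy."""
    return tunnel_permits(routes, src, dst) and policy_permits(policies, src, dst)


# Approach 1 (Bruce): host selectors, mirrored on both ends.
host_routes_a = [(OFFSITE_SERVER, MAIN_SERVER)]
host_routes_b = [(MAIN_SERVER, OFFSITE_SERVER)]

# Mistake the thread hit: only one end changed to host selectors.
network_routes_b = [(SITE_B_NET, SITE_A_NET)]

# Approach 2 (MattS): keep network selectors, drop the auto-added
# BOVPN-Allow policies and add one narrow policy for the backup pair.
network_routes_a = [(SITE_A_NET, SITE_B_NET)]
default_bovpn_allow = [("BOVPN-Allow.out", [SITE_A_NET], [SITE_B_NET])]
backup_only_policy = [("Backup-Allow.out", [OFFSITE_SERVER], [MAIN_SERVER])]


if __name__ == "__main__":
    print("host selectors mirrored:", ends_are_mirrored(host_routes_a, host_routes_b))
    print("host selectors one end only:", ends_are_mirrored(host_routes_a, network_routes_b))
    print("other host via default policy:",
          traffic_allowed(network_routes_a, default_bovpn_allow, "10.0.30.50", "192.168.1.20"))
    print("other host via backup policy:",
          traffic_allowed(network_routes_a, backup_only_policy, "10.0.30.50", "192.168.1.20"))
```

Both approaches end up with only 10.0.30.32 and 192.168.1.1 able to talk across the tunnel; the policy approach is easier to audit later because the restriction is visible in the policy list rather than buried in the tunnel route definition.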