Hi,
I have configured Dynamic VPN as per:
In the documentation it states that the security policy must be configured as follows:
from-zone untrust to-zone trust {
    policy dyn-vpn-policy {
        match {
            source-address any;
            destination-address any;
            application any;
        }
        then {
            permit {
                tunnel {
                    ipsec-vpn dyn-vpn;
                }
            }
        }
    }
}
How do I filter traffic once it has been allowed through the VPN? I am trying to understand conceptually what zone the traffic is now in (if any) and how the traffic moves through the device. For example, authenticated VPN clients can only connect to a web server at address 192.168.1.10/24.
Further to this, for every zone that I need to reach via the VPN, do I need to specify the same permit-all block (as above) that matches the destination zone and points to the VPN?
Your help is much appreciated.
Thanks,
Andrew