
Network Connect - ACL

bratfett_
Occasional Contributor

Hi,

I have one very basic question.

I want to allow remote NC users access to an intranet webserver with the IP 10.2.2.2 on port 80.

An ACL entry like -> tcp://10.2.2.2:80 should be the right way.

Is this correct?

I ask this because I got confused after reading the chapter "Use Case: Network Connect Resource Policy Configuration" in the Secure Access Configuration Guide 6.5 on page 667.

It seems that in this real world example they explain to use the address range of the NC client IPs in the ACL.

Is this example from the admin guide maybe wrong?

kind regards

cbarcellos_
Regular Contributor

Re: Network Connect - ACL

bratfett,

You're on the right track, here is a copy and paste from the admin guide:

"1. Create a new Network Connect resource policy where you specify the three servers to which you want to grant remote users access following the instructions described in "Defining Network Connect Access Control Policies" on page 655:
a. In the Resources section, specify the IP address ranges necessary to allow access to the three servers ("outlook.acme.com," "oracle.financial.acme.com," and "case.remedy.acme.com") separated by carriage returns.
udp://10.2.3.64-127:80,443
udp://10.2.3.192-255:80,443
b. In the Roles section, select the Policy applies to SELECTED roles option and ensure that only the "user_role_remote" role appears in the Selected roles list.
c. In the Action section, select the Allow access option."

The next section talks about defining the rest of the NC policy, which is different from the ACL.
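
An added example, not part of either post or of the admin guide: a small Python checker that reads resource entries in the shape quoted in this thread and tests whether a destination (the server being reached) is covered by them. The entry grammar, the last-octet reading of ranges such as `64-127`, and the deny-when-nothing-matches result are assumptions inferred from the quoted entries, not the appliance's documented matching logic.

```python
import ipaddress
import re

# Assumed entry shape, inferred from the entries quoted in this thread:
#   proto://a.b.c.d[-e]:port[,port...]
ENTRY_RE = re.compile(
    r"^(?P<proto>tcp|udp)://(?P<net>\d+\.\d+\.\d+)\.(?P<lo>\d+)(?:-(?P<hi>\d+))?"
    r":(?P<ports>\d+(?:,\d+)*)$"
)

def parse_entry(entry):
    """Return (proto, first_ip, last_ip, ports) or raise ValueError."""
    m = ENTRY_RE.match(entry.strip())
    if not m:
        raise ValueError(f"unrecognised entry: {entry!r}")
    lo = int(m["lo"])
    hi = int(m["hi"]) if m["hi"] else lo
    if lo > hi:
        raise ValueError(f"reversed range in {entry!r}")
    # IPv4Address raises a ValueError subclass if any octet exceeds 255.
    first = ipaddress.IPv4Address(f"{m['net']}.{lo}")
    last = ipaddress.IPv4Address(f"{m['net']}.{hi}")
    ports = {int(p) for p in m["ports"].split(",")}
    if any(not 1 <= p <= 65535 for p in ports):
        raise ValueError(f"port out of range in {entry!r}")
    return m["proto"], first, last, ports

def allows(entries, proto, dst_ip, dst_port):
    """True if any entry covers this destination protocol, address and port."""
    dst = ipaddress.IPv4Address(dst_ip)
    for entry in entries:
        e_proto, first, last, ports = parse_entry(entry)
        if e_proto == proto and first <= dst <= last and dst_port in ports:
            return True
    return False  # assumption: nothing matched means not allowed

# Entries copied from the thread.
QUESTION_ACL = ["tcp://10.2.2.2:80"]
GUIDE_ACL = ["udp://10.2.3.64-127:80,443", "udp://10.2.3.192-255:80,443"]

if __name__ == "__main__":
    print(allows(QUESTION_ACL, "tcp", "10.2.2.2", 80))    # intranet web server
    print(allows(QUESTION_ACL, "tcp", "10.2.2.2", 443))   # port not listed
    print(allows(GUIDE_ACL, "udp", "10.2.3.128", 80))     # between the two ranges
```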