So i am setting up somethign in my lab and ran into an issue that i can't find a solution for
1. i want to do a full tunnel and allow the users who log into to access specific servers .
2. i want all internal (on my company's network) computers to be able to connect to the Network Connected computers but the Network connected computers should not be able to initiate a connection to all of my Internal (on my company's network) computers except the ones i specified in step 1.
If i setup the ACL policy like
this does the part of the problem. But where do i allow the inbound traffic? All the inbound traffic from the internal network to the network connected computers is blocked by the IVE. i know this because there is no firewall in this lab setup between my internal network and the network connected IP addresses.
The only way i can allow internal computers to talk to the network connected computers is by adding the specific ip address of the internal computer and specify 10.1.2.3:* or if i do *.* as the policy.
NC ACL functionality will not be able to achieve what you need. You will need an external firewall for such ACL control.