I thought about that, but its not very secure, because they, as well
as other consultants, have access to the netscreen, and can change
those rules anytime.
I was thinking the best would be to block their traffic on my side.
That way they couldn't disable the rules to prevent them from
accessing my network segment.
I guess at this point I will just have to trust them.
On 4/12/06, mtnbkr <waa dash m0n0wall at revpol dot com> wrote:
> Joe Lagreca wrote:
> > Is it possible to create a one way IPsec VPN?
> > For example, I have created a IPsec VPN from my office m0n0wall, to
> > one of my clients Netscreen's. Is there some way I can set it up so
> > that I can access resources on their LAN, but not let them have them
> > have access to my LAN?
> > I have tried creating a few rules to try and prevent them having
> > access, but haven't had any success.
> > Has anyone tried this before? Is this even a possibility?
> Hi Joe.
> Yes, and yes. But it depends on Netscreen's capabilities. I do this with
> many of my clients - but all from m0n0wall <-> m0n0wall.
> To do this you will need to think in reverse. That is, on the CLIENT's
> Netscreen you will need to set up rule(s) to block all traffic TO your lan.
> If that is not possible on the Netscreen, you may consider moving them
> to a m0n0wall.
> Bill Arlofski
> Reverse Polarity