[vpn-help] Limit policy ports to Juniper Device
Matthew Grooms
mgrooms at shrew.net
Tue Feb 9 00:49:45 CST 2010
On 2/8/2010 12:57 PM, Shawn Rawles wrote:
> I have an SSG appliance and am setting up a Certificate-based Dial-up
> VPN using the Shrew Client. I have been able to get this to work.
> However, I would like to limit the ports in the policy but this seems
> entirely not possible as there are no config options for ports in Shrew.
> Does anyone know if this is possible?
>
Yes and no. The internals of the client actually understand using ports
as policy selectors. However, IP routes are used to ensure traffic will
be sourced from a virtual adapter. Since we can only specify IP address
granularity with routes, we don't offer port information as part of the
include / exclude policy definitions.
-Matthew