Hey guys,
I'm sorry if this may seem like a silly inquiry, but it's baffling to me why it fails. So I was trying to test something with the customer and we can't seem to figure it out. So, here is the situation... what we would like to be able to do is get direct SSH access to the firewalls once you connect via the VPN endpoint client.
We created a rule on top saying from office mode net to the cluster, allow on SSH, but that does not seem to work. There are a few layers below, and on the VPN layer, the parent rule is simply office mode net to any on the VPN layer itself, and then one of the rules below allows the access. Same for the internal layer... here is the kicker... the 2nd rule we created, which is to block pings from anywhere to the firewall, also does not seem to do anything, as it has 0 hits, but pings to the cluster are blocked by the last implicit cleanup rule.
Anyway, they simply want to be able to give SSH access to certain people when they connect to the VPN, so they don't need to remote desktop further into anything. I checked the office mode community and it shows that the VPN domain is set for everything behind the gateways based on topology, so that seems correct.
Any suggestions/insight would be helpful. I talked to TAC about it and they have no clue and, to make it worse, they don't even want to bother trying... such a waste of time.
Tx!