You are here: Pulse Connect Secure > Pulse Connect Secure Administration Guide > Remote Access > VPN Tunneling > Defining VPN Tunneling Access Control Policies

Defining VPN Tunneling Access Control Policies

Use the VPN Tunneling Access Control tab to write a resource policy that controls resources users can connect to when using VPN tunneling.

To write a VPN tunneling access resource policy:

  1. In the admin console, choose Users > Resource Policies > VPN Tunneling > Access Control.
  2. On the Access Control page, click New Policy.
  3. On the New Policy page, enter:
    • A name to label this policy.
    • A description of the policy. (optional)
  1. In the Resources section, specify the IPv4/IPv6 resources to which this policy applies.

    Note: When a packet is fragmented, fragment #1 contains more information than all subsequent fragments. Fragment #1 contains the IP address, protocol, and port information. All subsequent fragmented packets contain just the IP address and protocol information. Therefore the VPN Tunneling ACL evaluates the first packet fragment different from the subsequent packet fragments. For the subsequent packet fragments, the system applies the VPN Tunneling ACL based on just the IP address and protocol since the port number is not available.

  1. In the Roles section, specify:
    • Policy applies to ALL roles—To apply this policy to all users.
    • Policy applies to SELECTED roles—To apply this policy only to users who are mapped to roles in the Selected roles list. Make sure to add roles to this list from the Available roles list.
    • Policy applies to all roles OTHER THAN those selected below—To apply this policy to all users except for those who map to the roles in the Selected roles list. Make sure to add roles to this list from the Available roles list.
  1. In the Action section, specify:
    • Allow access—Select this option to grant access to the resources specified in the Resources list.
    • Deny access—Select this option to deny access to the resources specified in the Resources list.
    • Use Detailed Rules—Select this option to define resource policy rules that put additional restrictions on the specified resources.
  1. Click Save Changes.
  2. On the Access Policies page, order the policies according to how you want to evaluate them. Keep in mind that once the system matches the resource requested by the user to a resource in a policy’s (or a detailed rule’s) Resource list, it performs the specified action and stops processing policies.

Related Topics