Quote:
Originally Posted by sebastan_bach
coldark mate, I guess I will have to build those 4 rules. Because, as I told you, for the internet my network object is actually Any. So even though I have a cleanup rule at the end (which I actually have), when the intranet users try to access the ext_ip2 they will get access, because they get matched in the network object of Any. So to restrict the intranet users to access only by ext_ip1 and the internet users to access only by ext_ip2, I guess I will need those 4 rules.
Actually, since the rulebase is checked for a match sequentially, as long as the Intranet users' rule is first, it will match there and not continue to the next rule for SRC = Any that matches the second Public IP.
I believe this is the point coldark was making.
Edit: This may also cause you some issues with outbound traffic, though, since the NAT rules are also processed sequentially. You must ensure that the manual NAT rules you put in place NAT both ways to Internal subnets only, and this NAT must be above the public NAT. Then, on your public NAT rules, you can use Any as a SRC so external connections will also NAT back on the correct IP (Public_NAT2).
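The first-match behaviour discussed in this thread, as an added example that is not from either poster: a small sequential rulebase evaluator with the Intranet rule placed above the SRC = Any rule, then with the order swapped, plus a shadowing check that reports rules that can never fire because an earlier, broader rule covers them. The subnets and public IPs are constructed placeholders; the rule names are assumptions.

```python
import ipaddress
from dataclasses import dataclass

ANY = "Any"


@dataclass(frozen=True)
class Rule:
    name: str
    src: str      # CIDR / host address, or "Any"
    dst: str      # CIDR / host address, or "Any"
    action: str


def _matches(obj: str, ip: str) -> bool:
    """Does network object `obj` contain address `ip`?"""
    return obj == ANY or ipaddress.ip_address(ip) in ipaddress.ip_network(obj, strict=False)


def first_match(rulebase, src_ip: str, dst_ip: str):
    """Sequential evaluation: the first rule whose SRC and DST match wins."""
    for rule in rulebase:
        if _matches(rule.src, src_ip) and _matches(rule.dst, dst_ip):
            return rule
    return None


def _covers(outer: str, inner: str) -> bool:
    """True when every address matched by `inner` is also matched by `outer`."""
    if outer == ANY:
        return True
    if inner == ANY:
        return False
    return ipaddress.ip_network(outer, strict=False).supernet_of(
        ipaddress.ip_network(inner, strict=False))


def shadowed(rulebase):
    """Names of rules that can never fire because an earlier rule fully covers them."""
    return [r.name for i, r in enumerate(rulebase)
            if any(_covers(e.src, r.src) and _covers(e.dst, r.dst) for e in rulebase[:i])]


# Constructed objects (TEST-NET addresses), not the original poster's values.
INTRANET = "10.0.0.0/8"
EXT_IP1, EXT_IP2 = "203.0.113.10", "203.0.113.20"

INTRANET_RULE = Rule("intranet_users", INTRANET, ANY, "intranet_policy")
PUBLIC_RULE = Rule("public_any", ANY, EXT_IP2, "accept")
CLEANUP = Rule("cleanup", ANY, ANY, "drop")

CORRECT_ORDER = [INTRANET_RULE, PUBLIC_RULE, CLEANUP]   # Intranet rule first
WRONG_ORDER = [PUBLIC_RULE, INTRANET_RULE, CLEANUP]     # Any rule catches intranet users
```

With CORRECT_ORDER an intranet host going to ext_ip2 hits intranet_users; with WRONG_ORDER the same packet hits public_any, and a rule placed below the cleanup rule is reported as shadowed.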