Description: The customer is able to deploy the network connector to two different VPCs (VPC A and VPC B) in AWS and wants to restrict access to VPC A or VPC B based on which VPN user is logged into the OpenVPN Connect client.
Resolution:
Step 1) First, change the VPN Topology from the default 'Full-Mesh' setting to 'Custom' so that the Access Group control rules can be used.
You can change this from your CloudConnexa Portal > Settings > Edit > VPN Topology > Custom (see the screenshot below).
CloudConnexa - Change the VPN Topology from Full-Mesh to Custom
Step 2) After changing the VPN Topology, configure your Access Group control rules by specifying the access relationship between Sources (i.e. who?) and Destinations (i.e. what?).
For this case, use the "User Groups" that the Users belong to as the Source and the "Networks" you've set up as the Destinations.
Start from your CloudConnexa Portal > Access > Create Access Group > fill in the 'Access Group Name' > Source: User Groups (e.g. Group A) > Destination: Networks (e.g. VPC A) > Create (see the sample screenshot below).
CloudConnexa - Add an Access Group
Step 3) Repeat Step 2 for the other Source (User Groups: Group B) and Destination (Networks: VPC B) (see the sample screenshot below).
Note that the default mesh Access Group already exists.
Step 4) Once more than one Access Group exists (i.e. after you've created your own Access Groups), you can delete the default Access Group.
Step 5) Test the restriction and access from connected VPN users in Group A and Group B to the Networks VPC A and VPC B.
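The following is an added illustration, not CloudConnexa's own code or API: a small Python model of the Access Group evaluation that Steps 2 to 5 configure, used to check on paper that the segmentation is what you intend before testing it with real clients. It assumes that a user may reach a network whenever any Access Group lists the user's User Group as a Source and that network as a Destination, and it models the pre-existing default mesh Access Group as a rule matching every Source and every Destination, which is why Step 4 removes it before the test in Step 5. The users, user groups and network names are constructed sample values.

```python
"""Model of User Group -> Network Access Group evaluation.

Added example (assumption-based model, not CloudConnexa's implementation):
access is permitted when any Access Group matches both the user's User Group
(Source) and the target Network (Destination). The default mesh group is
modelled as a wildcard rule that matches everything.
"""
from dataclasses import dataclass

ANY = "*"  # wildcard used only to model the default mesh Access Group


@dataclass(frozen=True)
class AccessGroup:
    name: str
    user_groups: frozenset  # Sources: User Groups
    networks: frozenset     # Destinations: Networks

    def permits(self, user_group: str, network: str) -> bool:
        src_ok = ANY in self.user_groups or user_group in self.user_groups
        dst_ok = ANY in self.networks or network in self.networks
        return src_ok and dst_ok


# The Access Group that exists before Step 2 (assumed all-to-all).
DEFAULT_MESH = AccessGroup("Default (mesh)", frozenset({ANY}), frozenset({ANY}))

# Access Groups created in Step 2 and Step 3.
GROUP_A_TO_VPC_A = AccessGroup("Group A -> VPC A", frozenset({"Group A"}), frozenset({"VPC A"}))
GROUP_B_TO_VPC_B = AccessGroup("Group B -> VPC B", frozenset({"Group B"}), frozenset({"VPC B"}))

# Constructed sample data: VPN users, their User Group membership and the Networks.
USERS = {"alice": "Group A", "bob": "Group B"}
NETWORKS = ("VPC A", "VPC B")
# What the customer intends: each group reaches only its own VPC.
INTENDED = {("alice", "VPC A"), ("bob", "VPC B")}

# State after Step 3 (default mesh group still present) and after Step 4 (deleted).
AFTER_STEP_3 = [DEFAULT_MESH, GROUP_A_TO_VPC_A, GROUP_B_TO_VPC_B]
AFTER_STEP_4 = [GROUP_A_TO_VPC_A, GROUP_B_TO_VPC_B]


def access_matrix(groups, users, networks):
    """Return {(user, network): [names of Access Groups granting that access]}."""
    return {
        (user, net): [g.name for g in groups if g.permits(user_group, net)]
        for user, user_group in users.items()
        for net in networks
    }


def segmentation_violations(groups, users, networks, intended):
    """List (user, network) pairs that are reachable but not intended,
    together with the Access Groups responsible. Empty means the
    segmentation matches the intent (the check of Step 5)."""
    matrix = access_matrix(groups, users, networks)
    return sorted(
        (pair, names) for pair, names in matrix.items() if names and pair not in intended
    )


if __name__ == "__main__":
    for label, groups in (("after Step 3", AFTER_STEP_3), ("after Step 4", AFTER_STEP_4)):
        print(label, "violations:", segmentation_violations(groups, USERS, NETWORKS, INTENDED))
```

Running the model shows the practical point of Step 4: while the default mesh Access Group is still present, alice can still reach VPC B and bob can still reach VPC A, each granted by "Default (mesh)"; once it is deleted, only the intended pairs remain and the cross-VPC checks in Step 5 should fail as expected.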