I have 2 networks created on my SRX240 router:
10.1.0.0/16
172.21.0.0/16
and the 2 networks can talk to each other on the LAN.
I would like to add a third network that will not be able to access these LAN networks:
10.11.0.0/16
This will be like a DMZ network. It will ONLY be able to connect to the internet and not be able to reach any of the other LAN networks.
I would like to be able to access the network via VPN, of course... All I want is that the 10.11.0.0/16 DMZ network will not be able to connect to the LAN networks. Only the internet, that is all.
Here is what I have; I am looking for some guidance on what code to add to this current setup:
dhcp {
    pool 10.1.0.0/16 {
        address-range low 10.1.1.10 high 10.1.255.254;
        maximum-lease-time 6048000;
        default-lease-time 6048000;
        router {
            10.1.0.1;
        }
    }
    pool 172.21.0.0/16 {
        address-range low 172.21.0.1 high 172.21.255.254;
        router {
            172.21.0.1;
        }
    }
}
...
...
...
dynamic-vpn {
    access-profile dyn-vpn-access-profile;
    clients {
        all {
            remote-protected-resources {
                10.1.0.0/16;
                172.21.0.0/16;
            }
            remote-exceptions {
                0.0.0.0/0;
            }
            ipsec-vpn dyn-vpn;
            user {
                vpn-user;
            }
        }
    }
}
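
One way to express the isolation asked for above, written as Junos set commands (an added example, not part of the original post). The interface ge-0/0/5, the zone names dmz, trust and untrust, the gateway 10.11.0.1, the DHCP range, and the policy and rule-set names are assumptions; only the prefixes and the dyn-vpn name come from the post.

```junos
# Added example. Assumptions: DMZ port is ge-0/0/5, both LAN networks sit in
# zone "trust", the internet uplink sits in zone "untrust".

# Layer 3 interface and DHCP pool for the new network (range is constructed,
# modelled on the existing 10.1.0.0/16 pool)
set interfaces ge-0/0/5 unit 0 family inet address 10.11.0.1/16
set system services dhcp pool 10.11.0.0/16 address-range low 10.11.1.10 high 10.11.255.254
set system services dhcp pool 10.11.0.0/16 router 10.11.0.1

# Put the interface in its own security zone; let hosts reach only DHCP and
# ping on the SRX itself (no ssh/http management from the DMZ)
set security zones security-zone dmz interfaces ge-0/0/5.0 host-inbound-traffic system-services dhcp
set security zones security-zone dmz interfaces ge-0/0/5.0 host-inbound-traffic system-services ping

# DMZ -> internet: permitted
set security policies from-zone dmz to-zone untrust policy dmz-to-internet match source-address any destination-address any application any
set security policies from-zone dmz to-zone untrust policy dmz-to-internet then permit

# DMZ -> LAN: denied explicitly so that every attempt is logged
set security policies from-zone dmz to-zone trust policy dmz-deny-lan match source-address any destination-address any application any
set security policies from-zone dmz to-zone trust policy dmz-deny-lan then deny
set security policies from-zone dmz to-zone trust policy dmz-deny-lan then log session-init

# Source NAT so 10.11.0.0/16 hosts leave through the uplink address
set security nat source rule-set dmz-to-untrust from zone dmz
set security nat source rule-set dmz-to-untrust to zone untrust
set security nat source rule-set dmz-to-untrust rule dmz-snat match source-address 10.11.0.0/16
set security nat source rule-set dmz-to-untrust rule dmz-snat then source-nat interface

# VPN clients -> DMZ: add the prefix to the dynamic VPN and permit it
# through the existing dyn-vpn tunnel
set security dynamic-vpn clients all remote-protected-resources 10.11.0.0/16
set security policies from-zone untrust to-zone dmz policy dyn-vpn-to-dmz match source-address any destination-address any application any
set security policies from-zone untrust to-zone dmz policy dyn-vpn-to-dmz then permit tunnel ipsec-vpn dyn-vpn
```

Junos drops traffic between zones that have no matching policy unless the default policy has been changed to permit-all, so the explicit dmz-deny-lan policy mainly adds a log entry for each attempt from the DMZ to the LAN.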