Configuring the Deny List for the VPN Router

The Deny list of the VPN router specifies the users and clients that cannot have access to the resources in your private network.

You can use this procedure to manage the users and clients that should be part of the Deny list.

Procedure

From the CommCell Browser, access the properties of the VPN router.
- If the router is a client, expand the Client Computers node, right-click the Client and click Properties.
- If the router is a client group, expand the Client Computer Groups node, right-click the Client_Group and click Properties.
In the properties dialog box, click Network.
In the Network Properties dialog box, click the VPN Config tab, and then click the VPN Router subtab.
In the Deny section, click Add.

In the VPN Router Access Control Entry dialog box, complete the following steps:

In the Users and Groups section, select the users that you want to block access to private resources.

Perform the configurations that meet your VPN requirements.

Configuration	Steps
Block all users to access private resources (Default configuration)	Click Add > Add All Users, and then click OK. Note: This operation replaces any user name in the list with All Users. You cannot undo this operation.
Block one or more users to access private resources	Click Add > Add User. In the Add User dialog box, select the users. To select multiple users, press and hold the Ctrl key. You can find a user by typing the user name in the Search box. Click OK.
Block one or more user groups to access private resources	Click Add > Add User Group. In the Add User Groups dialog box, select the user groups. To make multiple selections, press and hold the Ctrl key. You can find a user by typing the user name in the Search box. Click OK.
Block external groups from a list of available external groups	Click Add > Add External Group. In the Add New User Group dialog box, select the name of the external group and click OK.

In the Clients and Client Groups section, select the clients that you want to block access to private resources. These are the computers that you plan to set as VPN clients. The users that you selected in step 5a must be able to access the clients that you want to add to the list.

Perform the configurations that apply to your VPN requirements.

Configuration	Steps
Block access to private resources from all client computers (Default configuration)	Click Add > Add Clients, and then click OK. Note: This operation replaces any client name in the list with All Clients. You cannot undo this operation.
Block one or more clients to access private resources	Click Add > Add Client. In the Add Client dialog box, select the clients. To select multiple clients, press and hold the Ctrl key. You can find a client by typing the client name in the Search box. Click OK.
Block one or more client groups to access private resources	Click Add > Add Client Group. In the Add Client Group dialog box, select the client groups. To make multiple selections, press and hold the Ctrl key. You can find a user by typing the user name in the Search box. Click OK.

Configuration

Steps

Block access to private resources from all client computers (Default configuration)

Click Add > Add Clients, and then click OK.

Note: This operation replaces any client name in the list with All Clients. You cannot undo this operation.

Block one or more clients to access private resources

Click Add > Add Client.
In the Add Client dialog box, select the clients. To select multiple clients, press and hold the Ctrl key.

You can find a client by typing the client name in the Search box.
Click OK.

Block one or more client groups to access private resources

Click Add > Add Client Group.
In the Add Client Group dialog box, select the client groups. To make multiple selections, press and hold the Ctrl key.

You can find a user by typing the user name in the Search box.
Click OK.

In the Destinations section, select one of the following options:
- To block connection requests to all private resources that are in the same local area network (LAN) as the VPN router, click All Hosts in LAN.
- To block connection requests to specific private resources, click Hosts and enter the host names of the computers. Make sure that the host names are separated with a comma (,).
  
  Note: Entering a single asterisk (*) is equivalent to selecting All Hosts in LAN.
- To restrict connections to a single IP address, click IPs and enter the IP address details. If you specify the IP of a subnet, make sure to include a CIDR value after the slash (/).
In the Destination Ports section, enter the ports that VPN clients selected in step 5b are NOT allowed to access on the private resource. Consider the following requirements:
- The port numbers must be separated with a comma (,).
- If you want to specify port ranges, use hyphens. For example, 40-50.
Tip: To review common ports that you might want to configure, see Common Well-Known Ports Used by VPN Clients.
Click OK.

If you want to add more users and clients to the Deny list, click Add and repeat step 5.
Click OK to close the Network Properties dialog box.

Configuring the Deny List for the VPN Router

Procedure

Related Topics