Solved

pptp vpn user must be limited only to access 2 ip addresses

Posted on 2011-02-21
2
311 Views
Last Modified: 2012-05-11
Hi all,

I'm looking for a solution. We have a external company who installed a pc with plc controllers.
The need to maintain them and connect to them.
We need to give VPN access to them.
But we don't want this company to be able to connect to other ip addresses on our network.
Hence they could do a lot of things wrong. And we don't want that.

So, how can this be done?
We also have ISA server setup for VPN but I don't seem to find a solution to bind a user to specific IP addresses
0
Comment
Question by:osa2
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 34945559
You cannot bind a specific user to an IP address.

One option is to use RDP for the two users rather than vpn. Each user can be pointed at a workstaion internally that is locked down to what you want them to have access to.
0
 
LVL 29

Accepted Solution

by:
pwindell earned 500 total points
ID: 34955056
1. You have to create an Account on your Domain for them to use.  Create a unique Group to go along with it and place the Account into that Group. Make that group the Default Group for that Account and then remove the Account from Domain Users Group.   Make sure the Account has Remote Access or "Dial-in" rights.

2. Create a User Object on the ISA to place the User Account (or its Group) in.

3. Create an Address Set containing the IP#s you want them to Access

4. Create an Access Rule as:

From: VPN Users
To: <aforementioned Address Set>
Users: <aforementioned User Set>
Protocols: <whatever>

5. Make sure that this Access Rule is above the other VPN Access Rule in the Rule list.  

6. Your other VPN Access Rules should also use a User Set that does not contain this user as an extra measure.      Do not allow VPN Access Rules to be anonymous ("All Users").
0

Featured Post

Manage your data center from practically anywhere

The KN8164V features HD resolution of 1920 x 1200, FIPS 140-2 with level 1 security standards and virtual media transmissions at twice the speed. Built for reliability, the KN series provides local console and remote over IP access, ensuring 24/7 availability to all servers.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Secure VPN Connection terminated locally by the Client.  Reason 442: Failed to enable Virtual Adapter. If you receive this error on Windows 8 or Windows 8.1 while trying to connect with the Cisco VPN Client then the solution is a simple registry f…
OpenVPN is a great open source VPN server that is capable of providing quick and easy VPN access to your network on the cheap.  By default the software is configured to allow open access to your network.  But what if you want to restrict users to on…
How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question