Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Cisco ASA 5505, would like to add a new restricted VPN tunnel for contractors

Posted on 2011-02-24
8
Medium Priority
?
718 Views
Last Modified: 2012-05-11
Help with Cisco ASA 5505 and using the GUI (Cisco ASDM).  We already have a good working VPN tunnel for employee's to use.  I'm wanting to add a seperate VPN tunnel for some outsourced contractors that needs to get into a certain segment / VLAN on our network.  I'm wondeirng if that is even capable or possible first of all?  Unfortunaely this is fairly all new to me.  Any help will be greatly appreciated.  Below is a summary of how users are connecting right now.  Thank you.

Cisco VPN client with a .PCF file
Windows 2003 IAS Radius server
Active Directory VPN group membership
Cisco ASA 5505 (Software Version 8.2(1) & Device Manager Version 6.2(1))
0
Comment
Question by:33788
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
8 Comments
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 34970134
So you want to limit the VPN to certain internal ip adresses or ranges? That should be possible. The VPN setup is using access lists to determine what traffic goes through the tunnel so you can put restrictions to those lists to limit the traffic.

Just remember, if they are able to connect to a certain machine on the network and that machine is able to connect to other machines on the network...............
0
 

Author Comment

by:33788
ID: 34970292
@erniebeek
Yes, wanting to limit the outsourced contractors to a certain internal IP addresss or ranges.  If I'm not mistaken they'll be using a seperate VPN client .PCF file than regular employee's.  
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 34970370
Should be possible then.
And you're not mistaking, they'll be using a different .pcf. That file contains the setup and group authentication for the VPN. The group authentication defines which (group) policy they are using, and for them you want to create a new policy.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 

Author Comment

by:33788
ID: 34970468
I didn't put this down but are the steps to do this using the GUI ASDM wizard?
0
 
LVL 35

Accepted Solution

by:
Ernie Beek earned 2000 total points
ID: 34970570
Just like you created the other VPN. Only at a certain moment the wizard will ask for address translation exemption and here you can define what hosts/networks can be reached through the tunnel.
You can also add an access list entry to the inside interface to block unwanted traffic to the clients from that side as well.
0
 

Author Comment

by:33788
ID: 35012412
I will try this out and let you know.
0
 
LVL 71

Expert Comment

by:Qlemo
ID: 35304335
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

OpenVPN is a great open source VPN server that is capable of providing quick and easy VPN access to your network on the cheap.  By default the software is configured to allow open access to your network.  But what if you want to restrict users to on…
How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question