Solved

Cisco ASA 5505, would like to add a new restricted VPN tunnel for contractors

Posted on 2011-02-24
8
716 Views
Last Modified: 2012-05-11
Help with Cisco ASA 5505 and using the GUI (Cisco ASDM).  We already have a good working VPN tunnel for employee's to use.  I'm wanting to add a seperate VPN tunnel for some outsourced contractors that needs to get into a certain segment / VLAN on our network.  I'm wondeirng if that is even capable or possible first of all?  Unfortunaely this is fairly all new to me.  Any help will be greatly appreciated.  Below is a summary of how users are connecting right now.  Thank you.

Cisco VPN client with a .PCF file
Windows 2003 IAS Radius server
Active Directory VPN group membership
Cisco ASA 5505 (Software Version 8.2(1) & Device Manager Version 6.2(1))
0
Comment
Question by:33788
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
8 Comments
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 34970134
So you want to limit the VPN to certain internal ip adresses or ranges? That should be possible. The VPN setup is using access lists to determine what traffic goes through the tunnel so you can put restrictions to those lists to limit the traffic.

Just remember, if they are able to connect to a certain machine on the network and that machine is able to connect to other machines on the network...............
0
 

Author Comment

by:33788
ID: 34970292
@erniebeek
Yes, wanting to limit the outsourced contractors to a certain internal IP addresss or ranges.  If I'm not mistaken they'll be using a seperate VPN client .PCF file than regular employee's.  
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 34970370
Should be possible then.
And you're not mistaking, they'll be using a different .pcf. That file contains the setup and group authentication for the VPN. The group authentication defines which (group) policy they are using, and for them you want to create a new policy.
0
Manage your data center from practically anywhere

The KN8164V features HD resolution of 1920 x 1200, FIPS 140-2 with level 1 security standards and virtual media transmissions at twice the speed. Built for reliability, the KN series provides local console and remote over IP access, ensuring 24/7 availability to all servers.

 

Author Comment

by:33788
ID: 34970468
I didn't put this down but are the steps to do this using the GUI ASDM wizard?
0
 
LVL 35

Accepted Solution

by:
Ernie Beek earned 500 total points
ID: 34970570
Just like you created the other VPN. Only at a certain moment the wizard will ask for address translation exemption and here you can define what hosts/networks can be reached through the tunnel.
You can also add an access list entry to the inside interface to block unwanted traffic to the clients from that side as well.
0
 

Author Comment

by:33788
ID: 35012412
I will try this out and let you know.
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 35304335
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
0

Featured Post

Manage your data center from practically anywhere

The KN8164V features HD resolution of 1920 x 1200, FIPS 140-2 with level 1 security standards and virtual media transmissions at twice the speed. Built for reliability, the KN series provides local console and remote over IP access, ensuring 24/7 availability to all servers.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Network traffic routing plays key role in your network, if you have single site with heavy browsing or multiple sites, replicating important application data from your Primary Default Gateway ,you have to route your other network traffic from your p…
How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question