Solved

Cisco ASA 5505, would like to add a new restricted VPN tunnel for contractors

Posted on 2011-02-24
Last Modified: 2012-05-11
Help with Cisco ASA 5505 and using the GUI (Cisco ASDM). We already have a good working VPN tunnel for employees to use. I'm wanting to add a separate VPN tunnel for some outsourced contractors that need to get into a certain segment / VLAN on our network. I'm wondering if that is even capable or possible first of all? Unfortunately this is fairly all new to me. Any help will be greatly appreciated. Below is a summary of how users are connecting right now. Thank you.

Cisco VPN client with a .PCF file
Windows 2003 IAS Radius server
Active Directory VPN group membership
Cisco ASA 5505 (Software Version 8.2(1) & Device Manager Version 6.2(1))
Question by:33788
8 Comments
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 34970134
So you want to limit the VPN to certain internal IP addresses or ranges? That should be possible. The VPN setup is using access lists to determine what traffic goes through the tunnel so you can put restrictions to those lists to limit the traffic.

Just remember, if they are able to connect to a certain machine on the network and that machine is able to connect to other machines on the network...............
0
 

Author Comment

by:33788
ID: 34970292
@erniebeek
Yes, wanting to limit the outsourced contractors to a certain internal IP address or ranges. If I'm not mistaken they'll be using a separate VPN client .PCF file than regular employees.
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 34970370
Should be possible then.
And you're not mistaken, they'll be using a different .pcf. That file contains the setup and group authentication for the VPN. The group authentication defines which (group) policy they are using, and for them you want to create a new policy.
0
 

Author Comment

by:33788
ID: 34970468
I didn't put this down but are the steps to do this using the GUI ASDM wizard?
0
 
LVL 35

Accepted Solution

by:
Ernie Beek earned 500 total points
ID: 34970570
Just like you created the other VPN. Only at a certain moment the wizard will ask for address translation exemption and here you can define what hosts/networks can be reached through the tunnel.
You can also add an access list entry to the inside interface to block unwanted traffic to the clients from that side as well.
0
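The restriction discussed in this thread, written as ASA 8.2 CLI instead of ASDM wizard steps. This is an added example, not configuration posted by any participant, and it goes one step beyond the thread by attaching a `vpn-filter` ACL to the new group policy so the limit is enforced on decrypted traffic. Every name, address, the RADIUS server-group name and the NAT exemption ACL name are constructed placeholders; it assumes the contractor segment sits behind the `inside` interface and that the crypto map already serving the employee VPN is reused.

```cisco
! --- Constructed values: pool 10.99.0.0/24, contractor segment 10.20.30.0/24 ---

! Separate address pool so contractor sessions are identifiable by source IP
ip local pool CONTRACTOR_POOL 10.99.0.10-10.99.0.50 mask 255.255.255.0

! vpn-filter ACL: source = VPN client (pool), destination = internal network.
! Anything not permitted here is dropped after decryption; the final line
! logs the drops so attempts to reach other segments are visible.
access-list CONTRACTOR_FILTER extended permit ip 10.99.0.0 255.255.255.0 10.20.30.0 255.255.255.0
access-list CONTRACTOR_FILTER extended deny ip any any log

! Split-tunnel list: only the contractor segment is routed into the tunnel
access-list CONTRACTOR_SPLIT standard permit 10.20.30.0 255.255.255.0

! NAT exemption ("address translation exemption" in the wizard).
! If a "nat (inside) 0 access-list ..." line already exists for the employee
! VPN, add the entry to that existing ACL; the ACL name here is assumed.
access-list inside_nat0_outbound extended permit ip 10.20.30.0 255.255.255.0 10.99.0.0 255.255.255.0
nat (inside) 0 access-list inside_nat0_outbound

! New group policy used only by the contractor tunnel group
group-policy CONTRACTOR_GP internal
group-policy CONTRACTOR_GP attributes
 vpn-tunnel-protocol IPSec
 vpn-filter value CONTRACTOR_FILTER
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value CONTRACTOR_SPLIT
 vpn-simultaneous-logins 1

! New tunnel group: its name and pre-shared key go into the contractors' .pcf
tunnel-group CONTRACTORS type remote-access
tunnel-group CONTRACTORS general-attributes
 address-pool CONTRACTOR_POOL
 ! RADIUS_IAS is a placeholder for the existing AAA server group
 authentication-server-group RADIUS_IAS
 default-group-policy CONTRACTOR_GP
tunnel-group CONTRACTORS ipsec-attributes
 ! Placeholder: use a key different from the employee group's
 pre-shared-key <CONTRACTOR_GROUP_KEY>
```

After a contractor connects, `show access-list CONTRACTOR_FILTER` shows hit counts on the permit and deny lines. Changes to the filter ACL take effect for sessions established after the change.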
 

Author Comment

by:33788
ID: 35012412
I will try this out and let you know.
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 35304335
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
0

Question has a verified solution.