Cisco ASA 5505, would like to add a new restricted VPN tunnel for contractors

Help with Cisco ASA 5505 and using the GUI (Cisco ASDM).  We already have a good working VPN tunnel for employees to use.  I'm wanting to add a separate VPN tunnel for some outsourced contractors that need to get into a certain segment / VLAN on our network.  I'm wondering if that is even capable or possible first of all?  Unfortunately this is fairly all new to me.  Any help will be greatly appreciated.  Below is a summary of how users are connecting right now.  Thank you.

Cisco VPN client with a .PCF file
Windows 2003 IAS Radius server
Active Directory VPN group membership
Cisco ASA 5505 (Software Version 8.2(1) & Device Manager Version 6.2(1))
Asked by: 33788
 
Ernie Beek (Expert) Commented:
Just like you created the other VPN. Only at a certain moment the wizard will ask for address translation exemption and here you can define what hosts/networks can be reached through the tunnel.
You can also add an access list entry to the inside interface to block unwanted traffic to the clients from that side as well.
0
 
Ernie Beek (Expert) Commented:
So you want to limit the VPN to certain internal IP addresses or ranges? That should be possible. The VPN setup is using access lists to determine what traffic goes through the tunnel so you can put restrictions to those lists to limit the traffic.

Just remember, if they are able to connect to a certain machine on the network and that machine is able to connect to other machines on the network...
0
 
33788 (Author) Commented:
@erniebeek
Yes, wanting to limit the outsourced contractors to a certain internal IP address or ranges.  If I'm not mistaken they'll be using a separate VPN client .PCF file than regular employees.
0
 
Ernie Beek (Expert) Commented:
Should be possible then.
And you're not mistaken, they'll be using a different .pcf. That file contains the setup and group authentication for the VPN. The group authentication defines which (group) policy they are using, and for them you want to create a new policy.
0
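
The approach from the answers above (a separate group and group policy for contractors, with access lists limiting what the tunnel reaches), written as ASA 8.2 CLI configuration. This is an added example, not configuration from the thread participants; every name, subnet, the ACL name `inside_nat0_outbound`, the RADIUS server group name and the key placeholder are assumptions.

```cisco
! Constructed values (not from the thread): contractor VLAN 10.10.20.0/24,
! VPN client pool 192.168.50.0/24, names CONTRACTORS / IAS_RADIUS, interface "inside".

! Address pool handed out to contractor VPN clients only
ip local pool CONTRACTOR_POOL 192.168.50.10-192.168.50.50 mask 255.255.255.0

! Split-tunnel list: only the contractor segment is routed into the tunnel
access-list CONTRACTOR_SPLIT standard permit 10.10.20.0 255.255.255.0

! vpn-filter ACL, enforced by the ASA on every session in this group.
! In a vpn-filter ACL the remote side (client pool) is written first,
! the local network second.
access-list CONTRACTOR_FILTER extended permit ip 192.168.50.0 255.255.255.0 10.10.20.0 255.255.255.0
access-list CONTRACTOR_FILTER extended deny ip any any log

! NAT exemption (pre-8.3 syntax) limited to the contractor segment.
! If the employee VPN already uses this nat 0 ACL, only the ACL entry is new.
access-list inside_nat0_outbound extended permit ip 10.10.20.0 255.255.255.0 192.168.50.0 255.255.255.0
nat (inside) 0 access-list inside_nat0_outbound

! Group policy that ties the restrictions together
group-policy CONTRACTORS internal
group-policy CONTRACTORS attributes
 vpn-tunnel-protocol IPSec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value CONTRACTOR_SPLIT
 vpn-filter value CONTRACTOR_FILTER

! Tunnel group: its name and pre-shared key are the group authentication
! stored in the contractors' .pcf file
tunnel-group CONTRACTORS type remote-access
tunnel-group CONTRACTORS general-attributes
 address-pool CONTRACTOR_POOL
 authentication-server-group IAS_RADIUS
 default-group-policy CONTRACTORS
tunnel-group CONTRACTORS ipsec-attributes
 pre-shared-key <contractor-group-secret>
```

The split-tunnel list only controls what the client routes into the tunnel; the `vpn-filter` ACL is the control the ASA itself enforces. The restriction also depends on contractor accounts not being able to authenticate through the employee tunnel group, for example by keeping them out of the employee VPN group in Active Directory.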
 
33788 (Author) Commented:
I didn't put this down but are the steps to do this using the GUI ASDM wizard?
0
 
33788 (Author) Commented:
I will try this out and let you know.
0
 
Qlemo (Batchelor, Developer and EE Topic Advisor) Commented:
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
0
Question has a verified solution.
