Cisco ASA 5505, would like to add a new restricted VPN tunnel for contractors

Help with Cisco ASA 5505 and using the GUI (Cisco ASDM).  We already have a good working VPN tunnel for employee's to use.  I'm wanting to add a seperate VPN tunnel for some outsourced contractors that needs to get into a certain segment / VLAN on our network.  I'm wondeirng if that is even capable or possible first of all?  Unfortunaely this is fairly all new to me.  Any help will be greatly appreciated.  Below is a summary of how users are connecting right now.  Thank you.

Cisco VPN client with a .PCF file
Windows 2003 IAS Radius server
Active Directory VPN group membership
Cisco ASA 5505 (Software Version 8.2(1) & Device Manager Version 6.2(1))
33788Asked:
Who is Participating?
 
Ernie BeekConnect With a Mentor ExpertCommented:
Just like you created the other VPN. Only at a certain moment the wizard will ask for address translation exemption and here you can define what hosts/networks can be reached through the tunnel.
You can also add an access list entry to the inside interface to block unwanted traffic to the clients from that side as well.
0
 
Ernie BeekExpertCommented:
So you want to limit the VPN to certain internal ip adresses or ranges? That should be possible. The VPN setup is using access lists to determine what traffic goes through the tunnel so you can put restrictions to those lists to limit the traffic.

Just remember, if they are able to connect to a certain machine on the network and that machine is able to connect to other machines on the network...............
0
 
33788Author Commented:
@erniebeek
Yes, wanting to limit the outsourced contractors to a certain internal IP addresss or ranges.  If I'm not mistaken they'll be using a seperate VPN client .PCF file than regular employee's.  
0
The eGuide to Automating Firewall Change Control

Today‚Äôs IT environment is constantly changing, which affects security policies and firewall rules. Discover tips to help you embrace this change through process improvement & identify areas where automation & actionable intelligence can enhance both security and business agility.

 
Ernie BeekExpertCommented:
Should be possible then.
And you're not mistaking, they'll be using a different .pcf. That file contains the setup and group authentication for the VPN. The group authentication defines which (group) policy they are using, and for them you want to create a new policy.
0
 
33788Author Commented:
I didn't put this down but are the steps to do this using the GUI ASDM wizard?
0
 
33788Author Commented:
I will try this out and let you know.
0
 
QlemoDeveloperCommented:
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
0
All Courses

From novice to tech pro — start learning today.