Allow VPN user access to only 1 server? Is this possible?
Hi Experts,
Is it possible to create a VPN user that is restricted to only one of our servers? For example if a user logs in to our VPN, can we restrict him to only access 192.168.0.19 but not allow him to access any other addresses/servers?
I realize I could just give the user credentials to one server and not create a user name for the other servers.I ask this because this would just be a security measure in case a hacker would obtain the user name and password and try to brute force their way in to a server.
Our current router is a Zyxel Zywal USG 100 .
Thanks in advance
Matt
Is it possible to create a VPN user that is restricted to only one of our servers? For example if a user logs in to our VPN, can we restrict him to only access 192.168.0.19 but not allow him to access any other addresses/servers?
I realize I could just give the user credentials to one server and not create a user name for the other servers.I ask this because this would just be a security measure in case a hacker would obtain the user name and password and try to brute force their way in to a server.
Our current router is a Zyxel Zywal USG 100 .
Thanks in advance
Matt
Last Comment
RyanShafer
You can always restrict access to the ports that your firewall is using to one ip address and then only that machine would be able to vpn to your server ;)
Sorry I did not see the whole question for some reason. One way to do this is to for example if your vpn assigns IP addresses via dhcp you can reserve a particular IP using the MAC address of the users machine and then restrict access on your private network for that IP to only the one server you wouldlike them to have access too. This obviously only works if the user only connects from one machine. Another solution is to apply this method to the entire range of IPs that are given out by the VPN, however you now restrict everyones VPN access to this one server. This may work best and then you can give yourself the reserved ip and then you have one box that can access all servers and other vpn clients only access the one server. Hope any of that helps.
ASKER
Thanks Ryan ,
This seems to be as complicated as I first thought it might be.... I dont want to restrict everyones VPN , and I dont fully understand how I could enter a MAC address in the router and block access to other servers... Are you saying enter the mac address of the machine and black list it on each server? That would be helpful to know but would not help me in this case because I wouldnt know the intruders MAC address in advance.
This seems to be as complicated as I first thought it might be.... I dont want to restrict everyones VPN , and I dont fully understand how I could enter a MAC address in the router and block access to other servers... Are you saying enter the mac address of the machine and black list it on each server? That would be helpful to know but would not help me in this case because I wouldnt know the intruders MAC address in advance.
ASKER CERTIFIED SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
In addition if you have say a lot of people using this that you want to restrict and say a few admins. You can reserve IPs for the admins and give their IPs full access and then restrict the rest of the range that the vpn gives out so all other users are restricted ; )
Hi,
Are you able to configure multiple LT2P/IPSEC policies - you could have a new one for the 1 user that they have to use to connect to the device whilst everyone else uses your main policy?
Assuming you can allocate a different address pools to that policy, once connected, you can then restrict what that IP range can connect to and restrict it to the server?
Regards,
RobMobility.
Regards,
RobMobility.
Are you able to configure multiple LT2P/IPSEC policies - you could have a new one for the 1 user that they have to use to connect to the device whilst everyone else uses your main policy?
Assuming you can allocate a different address pools to that policy, once connected, you can then restrict what that IP range can connect to and restrict it to the server?
Regards,
RobMobility.
Regards,
RobMobility.
ASKER
I believe I can create a second policy, but im still not sure how I can restrict it
ASKER
This seems to be the solution, im still trying to figure out the firewall
VPN
A virtual private network (VPN) is a network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or travelling users access to a central organizational network securely. VPNs encapsulate data transfers using secure cryptographic methods and other security mechanisms to ensure that only authorized users can access the network and that the data cannot be intercepted.
26K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
TRUSTED BY
