meshoxford

asked on

Allow VPN user access to only 1 server? Is this possible?

Hi Experts,

Is it possible to create a VPN user that is restricted to only one of our servers? For example if a user logs in to our VPN, can we restrict him to only access 192.168.0.19 but not allow him to access any other addresses/servers?  

I realize I could just give the user credentials to one server and not create a user name for the other servers. I ask this because this would just be a security measure in case a hacker obtained the user name and password and tried to brute force their way into a server.

Our current router is a Zyxel ZyWALL USG 100.

Thanks in advance

Matt
VPN

RyanShafer

You can always restrict access to the ports that your firewall is using to one IP address, and then only that machine would be able to VPN to your server ;)
RyanShafer

Sorry, I did not see the whole question for some reason. One way to do this: for example, if your VPN assigns IP addresses via DHCP, you can reserve a particular IP using the MAC address of the user's machine and then restrict access on your private network for that IP to only the one server you would like them to have access to. This obviously only works if the user only connects from one machine. Another solution is to apply this method to the entire range of IPs that are given out by the VPN; however, you now restrict everyone's VPN access to this one server. This may work best, and then you can give yourself the reserved IP, so you have one box that can access all servers and other VPN clients only access the one server. Hope any of that helps.
meshoxford (ASKER)

Thanks Ryan,

This seems to be as complicated as I first thought it might be... I don't want to restrict everyone's VPN, and I don't fully understand how I could enter a MAC address in the router and block access to other servers... Are you saying enter the MAC address of the machine and blacklist it on each server? That would be helpful to know but would not help me in this case because I wouldn't know the intruder's MAC address in advance.
ASKER CERTIFIED SOLUTION
RyanShafer

RyanShafer

In addition, if you have, say, a lot of people using this whom you want to restrict and, say, a few admins, you can reserve IPs for the admins and give their IPs full access, and then restrict the rest of the range that the VPN gives out so all other users are restricted ; )
Rob Knight

Hi,

Are you able to configure multiple L2TP/IPsec policies? You could have a new one for the one user that they have to use to connect to the device, whilst everyone else uses your main policy.

Assuming you can allocate a different address pool to that policy, once connected, you can then restrict what that IP range can connect to and limit it to the server.

Regards,


RobMobility.
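Both suggestions above (a reserved admin address with full access, and a separate address pool for the restricted user that may only reach the one server) come down to the same thing: a first-match firewall policy keyed on the VPN client's source address. The following is an added example, not code from this thread and not ZyWALL configuration; it models that policy in Python so the rule ordering can be checked before it is typed into the appliance's firewall/policy table. The address pools (10.99.0.0/24, 10.99.1.0/24) and the reserved admin address (10.99.1.5) are assumed for the example; 192.168.0.19 is the server from the question.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    action: str          # "allow" or "deny"
    comment: str = ""


# Constructed addresses for the example (assumed, except the server).
LAN = ipaddress.ip_network("192.168.0.0/24")
SERVER = ipaddress.ip_network("192.168.0.19/32")          # the one permitted server
MAIN_POOL = ipaddress.ip_network("10.99.0.0/24")          # pool handed out by the main VPN policy (assumed)
RESTRICTED_POOL = ipaddress.ip_network("10.99.1.0/24")    # pool for the restricted L2TP/IPsec policy (assumed)
ADMIN_IP = ipaddress.ip_network("10.99.1.5/32")           # reserved admin address inside that pool (assumed)


def build_policy():
    """Correctly ordered first-match policy: the narrow admin exception
    sits above the pool-wide restriction, otherwise it never fires."""
    return [
        Rule(ADMIN_IP, LAN, "allow", "reserved admin address: full access"),
        Rule(RESTRICTED_POOL, SERVER, "allow", "restricted pool: only the one server"),
        Rule(RESTRICTED_POOL, LAN, "deny", "restricted pool: nothing else on the LAN"),
        Rule(MAIN_POOL, LAN, "allow", "main pool: normal VPN access"),
    ]


def misordered_policy():
    """Same rules with the admin exception placed below the pool-wide deny,
    the mistake that silently locks the admin out."""
    return [
        Rule(RESTRICTED_POOL, SERVER, "allow", "restricted pool: only the one server"),
        Rule(RESTRICTED_POOL, LAN, "deny", "restricted pool: nothing else on the LAN"),
        Rule(ADMIN_IP, LAN, "allow", "reserved admin address: full access"),
        Rule(MAIN_POOL, LAN, "allow", "main pool: normal VPN access"),
    ]


def evaluate(policy, src, dst):
    """Return the action of the first rule matching src -> dst; default deny."""
    s = ipaddress.ip_address(src)
    d = ipaddress.ip_address(dst)
    for rule in policy:
        if s in rule.src and d in rule.dst:
            return rule.action
    return "deny"


def check_ordering(policy):
    """Return (index, comment) for every rule that can never match because an
    earlier rule already covers all of its source and destination space.
    Only full shadowing is detected; partial overlaps are not reported."""
    shadowed = []
    for i, rule in enumerate(policy):
        for earlier in policy[:i]:
            if rule.src.subnet_of(earlier.src) and rule.dst.subnet_of(earlier.dst):
                shadowed.append((i, rule.comment))
                break
    return shadowed


if __name__ == "__main__":
    good = build_policy()
    for src, dst in [("10.99.1.20", "192.168.0.19"), ("10.99.1.20", "192.168.0.50"),
                     ("10.99.1.5", "192.168.0.50"), ("10.99.0.7", "192.168.0.50")]:
        print(f"{src:>12} -> {dst:<14} {evaluate(good, src, dst)}")
    print("shadowed rules in misordered policy:", check_ordering(misordered_policy()))
```

Run `check_ordering` on the rule list before committing it: on the ZyWALL the same logic applies to the firewall/policy rules, which are evaluated top to bottom, so the admin exception and the per-server allow must appear above the pool-wide deny.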
meshoxford (ASKER)

I believe I can create a second policy, but I'm still not sure how I can restrict it.
meshoxford (ASKER)

This seems to be the solution; I'm still trying to figure out the firewall.