Solved

Add a vpn subnet

Posted on 2011-09-27
13
257 Views
Last Modified: 2012-05-12
We have people using vpn to log into our network.  We however have two different subnets.   I was wondering if there is a way to dictate which internal subnet users get based on their user name or some other variable.  We are using 2003 server, and Routing and remote access to do VPN
0
Comment
Question by:TechGuy_007
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 9
  • 4
13 Comments
 
LVL 4

Expert Comment

by:Andy Keeney
ID: 36710282
by username??  Maybe.  Can the subnets communicate with each other?  Can the firewall see both subnets?
0
 
LVL 4

Expert Comment

by:Andy Keeney
ID: 36710298
what is doing the authentication (i.e. radius, cisco)?
0
 

Author Comment

by:TechGuy_007
ID: 36710345
The subnets cant communicate. I had to add a second IP to the server that we want our vendor to access but we dont went them to have access to the entire network. So we want there VPN access to only allow access to the second subnet.
0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 
LVL 4

Expert Comment

by:Andy Keeney
ID: 36710509
statically assign an ip address to his username after he authenticates.  make sure the firewall can communicate to the other subnet.  when that user logs in they will automatically be thrown into the other subnet.
0
 
LVL 4

Expert Comment

by:Andy Keeney
ID: 36710516
0
 
LVL 4

Expert Comment

by:Andy Keeney
ID: 36710528
and if you added a second ip address to a server that the vendor has access to, wont he have access to the entire network once he logs in to that particular server?
0
 

Author Comment

by:TechGuy_007
ID: 36710819
That is what we want to avoid. We want his VPN access limited to his server only.
0
 

Author Comment

by:TechGuy_007
ID: 36710912
We dont have a pix or ASA.
0
 
LVL 4

Expert Comment

by:Andy Keeney
ID: 36711627
what firewall are you using?  where are you handling the DHCP for VPN connections?  what are you using for authentication for users as they come into the network?
0
 

Author Comment

by:TechGuy_007
ID: 36712105
we have a watch gaurd
0
 
LVL 4

Expert Comment

by:Andy Keeney
ID: 36712357
And is that handling vpn dhcp and authentication?
0
 
LVL 4

Expert Comment

by:Andy Keeney
ID: 36717836
You can have multiple policies on your watchguard.  you can give the user a different vpn ipsec configuration, and setup a different DHCP scope inside the firewall for whatever subnet you are wanting and assign it to the profile.
0
 
LVL 4

Accepted Solution

by:
Andy Keeney earned 500 total points
ID: 36717864
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Unable to access VM console from vSphere ? 2 102
Connecting via HTTP / HTTPS 10 79
I am looking for a reliable program to clone servers 5 105
port-forwarding asa 9.5 9 26
#Citrix #Citrix Netscaler #HTTP Compression #Load Balance
I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question