• Status: Solved
  • Priority: Medium
  • Security: Public

Add a VPN subnet

We have people using VPN to log into our network. We however have two different subnets. I was wondering if there is a way to dictate which internal subnet users get based on their user name or some other variable. We are using 2003 server, and Routing and Remote Access to do VPN.
Asked by: TechGuy_007
 
Andy Keeney commented:
By username? Maybe. Can the subnets communicate with each other? Can the firewall see both subnets?
 
Andy Keeney commented:
What is doing the authentication (i.e. RADIUS, Cisco)?
 
TechGuy_007 (author) commented:
The subnets can't communicate. I had to add a second IP to the server that we want our vendor to access, but we don't want them to have access to the entire network. So we want their VPN access to only allow access to the second subnet.
 
Andy Keeney commented:
Statically assign an IP address to his username after he authenticates. Make sure the firewall can communicate to the other subnet. When that user logs in, they will automatically be thrown into the other subnet.
 
Andy Keeney commented:
And if you added a second IP address to a server that the vendor has access to, won't he have access to the entire network once he logs in to that particular server?
 
TechGuy_007 (author) commented:
That is what we want to avoid. We want his VPN access limited to his server only.
 
TechGuy_007 (author) commented:
We don't have a PIX or ASA.
 
Andy Keeney commented:
What firewall are you using? Where are you handling the DHCP for VPN connections? What are you using for authentication for users as they come into the network?
 
TechGuy_007 (author) commented:
We have a WatchGuard.
 
Andy Keeney commented:
And is that handling VPN DHCP and authentication?
 
Andy Keeney commented:
You can have multiple policies on your WatchGuard. You can give the user a different VPN IPsec configuration, and set up a different DHCP scope inside the firewall for whatever subnet you are wanting and assign it to the profile.
Question has a verified solution.
