Solved

Add a vpn subnet

Posted on 2011-09-27
13
255 Views
Last Modified: 2012-05-12
We have people using vpn to log into our network.  We however have two different subnets.   I was wondering if there is a way to dictate which internal subnet users get based on their user name or some other variable.  We are using 2003 server, and Routing and remote access to do VPN
0
Comment
Question by:TechGuy_007
  • 9
  • 4
13 Comments
 
LVL 4

Expert Comment

by:Andy Keeney
ID: 36710282
by username??  Maybe.  Can the subnets communicate with each other?  Can the firewall see both subnets?
0
 
LVL 4

Expert Comment

by:Andy Keeney
ID: 36710298
what is doing the authentication (i.e. radius, cisco)?
0
 

Author Comment

by:TechGuy_007
ID: 36710345
The subnets cant communicate. I had to add a second IP to the server that we want our vendor to access but we dont went them to have access to the entire network. So we want there VPN access to only allow access to the second subnet.
0
Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

 
LVL 4

Expert Comment

by:Andy Keeney
ID: 36710509
statically assign an ip address to his username after he authenticates.  make sure the firewall can communicate to the other subnet.  when that user logs in they will automatically be thrown into the other subnet.
0
 
LVL 4

Expert Comment

by:Andy Keeney
ID: 36710516
0
 
LVL 4

Expert Comment

by:Andy Keeney
ID: 36710528
and if you added a second ip address to a server that the vendor has access to, wont he have access to the entire network once he logs in to that particular server?
0
 

Author Comment

by:TechGuy_007
ID: 36710819
That is what we want to avoid. We want his VPN access limited to his server only.
0
 

Author Comment

by:TechGuy_007
ID: 36710912
We dont have a pix or ASA.
0
 
LVL 4

Expert Comment

by:Andy Keeney
ID: 36711627
what firewall are you using?  where are you handling the DHCP for VPN connections?  what are you using for authentication for users as they come into the network?
0
 

Author Comment

by:TechGuy_007
ID: 36712105
we have a watch gaurd
0
 
LVL 4

Expert Comment

by:Andy Keeney
ID: 36712357
And is that handling vpn dhcp and authentication?
0
 
LVL 4

Expert Comment

by:Andy Keeney
ID: 36717836
You can have multiple policies on your watchguard.  you can give the user a different vpn ipsec configuration, and setup a different DHCP scope inside the firewall for whatever subnet you are wanting and assign it to the profile.
0
 
LVL 4

Accepted Solution

by:
Andy Keeney earned 500 total points
ID: 36717864
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Data center, now-a-days, is referred as the home of all the advanced technologies. In-fact, most of the businesses are now establishing their entire organizational structure around the IT capabilities.
When you try to extract and to view the contents of a Microsoft Update Standalone Package (MSU) for Windows Vista, you cannot extract the files from the MSU. Here we are going to explain how to extract those hotfix details without using any third pa…
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question