Solved

Add a vpn subnet

Posted on 2011-09-27
13
253 Views
Last Modified: 2012-05-12
We have people using vpn to log into our network.  We however have two different subnets.   I was wondering if there is a way to dictate which internal subnet users get based on their user name or some other variable.  We are using 2003 server, and Routing and remote access to do VPN
0
Comment
Question by:TechGuy_007
  • 9
  • 4
13 Comments
 
LVL 4

Expert Comment

by:Andy Keeney
ID: 36710282
by username??  Maybe.  Can the subnets communicate with each other?  Can the firewall see both subnets?
0
 
LVL 4

Expert Comment

by:Andy Keeney
ID: 36710298
what is doing the authentication (i.e. radius, cisco)?
0
 

Author Comment

by:TechGuy_007
ID: 36710345
The subnets cant communicate. I had to add a second IP to the server that we want our vendor to access but we dont went them to have access to the entire network. So we want there VPN access to only allow access to the second subnet.
0
 
LVL 4

Expert Comment

by:Andy Keeney
ID: 36710509
statically assign an ip address to his username after he authenticates.  make sure the firewall can communicate to the other subnet.  when that user logs in they will automatically be thrown into the other subnet.
0
 
LVL 4

Expert Comment

by:Andy Keeney
ID: 36710516
0
 
LVL 4

Expert Comment

by:Andy Keeney
ID: 36710528
and if you added a second ip address to a server that the vendor has access to, wont he have access to the entire network once he logs in to that particular server?
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 

Author Comment

by:TechGuy_007
ID: 36710819
That is what we want to avoid. We want his VPN access limited to his server only.
0
 

Author Comment

by:TechGuy_007
ID: 36710912
We dont have a pix or ASA.
0
 
LVL 4

Expert Comment

by:Andy Keeney
ID: 36711627
what firewall are you using?  where are you handling the DHCP for VPN connections?  what are you using for authentication for users as they come into the network?
0
 

Author Comment

by:TechGuy_007
ID: 36712105
we have a watch gaurd
0
 
LVL 4

Expert Comment

by:Andy Keeney
ID: 36712357
And is that handling vpn dhcp and authentication?
0
 
LVL 4

Expert Comment

by:Andy Keeney
ID: 36717836
You can have multiple policies on your watchguard.  you can give the user a different vpn ipsec configuration, and setup a different DHCP scope inside the firewall for whatever subnet you are wanting and assign it to the profile.
0
 
LVL 4

Accepted Solution

by:
Andy Keeney earned 500 total points
ID: 36717864
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now