Solved

Add a vpn subnet

Posted on 2011-09-27
13
256 Views
Last Modified: 2012-05-12
We have people using vpn to log into our network.  We however have two different subnets.   I was wondering if there is a way to dictate which internal subnet users get based on their user name or some other variable.  We are using 2003 server, and Routing and remote access to do VPN
0
Comment
Question by:TechGuy_007
  • 9
  • 4
13 Comments
 
LVL 4

Expert Comment

by:Andy Keeney
ID: 36710282
by username??  Maybe.  Can the subnets communicate with each other?  Can the firewall see both subnets?
0
 
LVL 4

Expert Comment

by:Andy Keeney
ID: 36710298
what is doing the authentication (i.e. radius, cisco)?
0
 

Author Comment

by:TechGuy_007
ID: 36710345
The subnets cant communicate. I had to add a second IP to the server that we want our vendor to access but we dont went them to have access to the entire network. So we want there VPN access to only allow access to the second subnet.
0
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

 
LVL 4

Expert Comment

by:Andy Keeney
ID: 36710509
statically assign an ip address to his username after he authenticates.  make sure the firewall can communicate to the other subnet.  when that user logs in they will automatically be thrown into the other subnet.
0
 
LVL 4

Expert Comment

by:Andy Keeney
ID: 36710516
0
 
LVL 4

Expert Comment

by:Andy Keeney
ID: 36710528
and if you added a second ip address to a server that the vendor has access to, wont he have access to the entire network once he logs in to that particular server?
0
 

Author Comment

by:TechGuy_007
ID: 36710819
That is what we want to avoid. We want his VPN access limited to his server only.
0
 

Author Comment

by:TechGuy_007
ID: 36710912
We dont have a pix or ASA.
0
 
LVL 4

Expert Comment

by:Andy Keeney
ID: 36711627
what firewall are you using?  where are you handling the DHCP for VPN connections?  what are you using for authentication for users as they come into the network?
0
 

Author Comment

by:TechGuy_007
ID: 36712105
we have a watch gaurd
0
 
LVL 4

Expert Comment

by:Andy Keeney
ID: 36712357
And is that handling vpn dhcp and authentication?
0
 
LVL 4

Expert Comment

by:Andy Keeney
ID: 36717836
You can have multiple policies on your watchguard.  you can give the user a different vpn ipsec configuration, and setup a different DHCP scope inside the firewall for whatever subnet you are wanting and assign it to the profile.
0
 
LVL 4

Accepted Solution

by:
Andy Keeney earned 500 total points
ID: 36717864
0

Featured Post

Manage your data center from practically anywhere

The KN8164V features HD resolution of 1920 x 1200, FIPS 140-2 with level 1 security standards and virtual media transmissions at twice the speed. Built for reliability, the KN series provides local console and remote over IP access, ensuring 24/7 availability to all servers.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
When you try to share a printer , you may receive one of the following error messages. Error message when you use the Add Printer Wizard to share a printer: Windows could not share your printer. Operation could not be completed (Error 0x000006…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

679 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question