Solved

Add a vpn subnet

Posted on 2011-09-27
13
258 Views
Last Modified: 2012-05-12
We have people using vpn to log into our network.  We however have two different subnets.   I was wondering if there is a way to dictate which internal subnet users get based on their user name or some other variable.  We are using 2003 server, and Routing and remote access to do VPN
0
Comment
Question by:TechGuy_007
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 9
  • 4
13 Comments
 
LVL 4

Expert Comment

by:Andy Keeney
ID: 36710282
by username??  Maybe.  Can the subnets communicate with each other?  Can the firewall see both subnets?
0
 
LVL 4

Expert Comment

by:Andy Keeney
ID: 36710298
what is doing the authentication (i.e. radius, cisco)?
0
 

Author Comment

by:TechGuy_007
ID: 36710345
The subnets cant communicate. I had to add a second IP to the server that we want our vendor to access but we dont went them to have access to the entire network. So we want there VPN access to only allow access to the second subnet.
0
Webinar: Aligning, Automating, Winning

Join Dan Russo, Senior Manager of Operations Intelligence, for an in-depth discussion on how Dealertrack, leading provider of integrated digital solutions for the automotive industry, transformed their DevOps processes to increase collaboration and move with greater velocity.

 
LVL 4

Expert Comment

by:Andy Keeney
ID: 36710509
statically assign an ip address to his username after he authenticates.  make sure the firewall can communicate to the other subnet.  when that user logs in they will automatically be thrown into the other subnet.
0
 
LVL 4

Expert Comment

by:Andy Keeney
ID: 36710516
0
 
LVL 4

Expert Comment

by:Andy Keeney
ID: 36710528
and if you added a second ip address to a server that the vendor has access to, wont he have access to the entire network once he logs in to that particular server?
0
 

Author Comment

by:TechGuy_007
ID: 36710819
That is what we want to avoid. We want his VPN access limited to his server only.
0
 

Author Comment

by:TechGuy_007
ID: 36710912
We dont have a pix or ASA.
0
 
LVL 4

Expert Comment

by:Andy Keeney
ID: 36711627
what firewall are you using?  where are you handling the DHCP for VPN connections?  what are you using for authentication for users as they come into the network?
0
 

Author Comment

by:TechGuy_007
ID: 36712105
we have a watch gaurd
0
 
LVL 4

Expert Comment

by:Andy Keeney
ID: 36712357
And is that handling vpn dhcp and authentication?
0
 
LVL 4

Expert Comment

by:Andy Keeney
ID: 36717836
You can have multiple policies on your watchguard.  you can give the user a different vpn ipsec configuration, and setup a different DHCP scope inside the firewall for whatever subnet you are wanting and assign it to the profile.
0
 
LVL 4

Accepted Solution

by:
Andy Keeney earned 500 total points
ID: 36717864
0

Featured Post

How our DevOps Teams Maximize Uptime

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us. Read the use case whitepaper.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
WARNING:   If you follow the instructions here, you will wipe out your VTP and VLAN configurations.  Make sure you have backed up your switch!!! I recently had some issues with a few low-end Cisco routers (RV325) and I opened a case with Cisco TA…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
Suggested Courses

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question