Add a VPN subnet

We have people using VPN to log into our network. We, however, have two different subnets. I was wondering if there is a way to dictate which internal subnet users get based on their user name or some other variable. We are using 2003 Server, and Routing and Remote Access to do VPN.
TechGuy_007 Asked:
 
Andy Keeney Commented:
By username? Maybe. Can the subnets communicate with each other? Can the firewall see both subnets?
 
Andy Keeney Commented:
What is doing the authentication (i.e. RADIUS, Cisco)?
 
TechGuy_007 Author Commented:
The subnets can't communicate. I had to add a second IP to the server that we want our vendor to access, but we don't want them to have access to the entire network. So we want their VPN access to only allow access to the second subnet.
 
Andy Keeney Commented:
Statically assign an IP address to his username after he authenticates. Make sure the firewall can communicate to the other subnet. When that user logs in, they will automatically be thrown into the other subnet.
 
Andy Keeney Commented:
And if you added a second IP address to a server that the vendor has access to, won't he have access to the entire network once he logs in to that particular server?
 
TechGuy_007 Author Commented:
That is what we want to avoid. We want his VPN access limited to his server only.
 
TechGuy_007 Author Commented:
We don't have a PIX or ASA.
 
Andy Keeney Commented:
What firewall are you using? Where are you handling the DHCP for VPN connections? What are you using for authentication for users as they come into the network?
 
TechGuy_007 Author Commented:
We have a WatchGuard.
 
Andy Keeney Commented:
And is that handling VPN DHCP and authentication?
 
Andy Keeney Commented:
You can have multiple policies on your WatchGuard. You can give the user a different VPN IPsec configuration, and set up a different DHCP scope inside the firewall for whatever subnet you are wanting and assign it to the profile.