  • Status: Solved
Add a vpn subnet

We have people using VPN to log into our network. We, however, have two different subnets. I was wondering if there is a way to dictate which internal subnet users get based on their user name or some other variable. We are using 2003 Server and Routing and Remote Access to do VPN.
Asked by: TechGuy_007

Andy Keeney Commented:
By username? Maybe. Can the subnets communicate with each other? Can the firewall see both subnets?
 
Andy Keeney Commented:
What is doing the authentication (i.e. RADIUS, Cisco)?
 
TechGuy_007 (Author) Commented:
The subnets can't communicate. I had to add a second IP to the server that we want our vendor to access, but we don't want them to have access to the entire network. So we want their VPN access to only allow access to the second subnet.
 
Andy Keeney Commented:
Statically assign an IP address to his username after he authenticates. Make sure the firewall can communicate to the other subnet. When that user logs in they will automatically be thrown into the other subnet.
 
 
Andy Keeney Commented:
And if you added a second IP address to a server that the vendor has access to, won't he have access to the entire network once he logs in to that particular server?
 
TechGuy_007 (Author) Commented:
That is what we want to avoid. We want his VPN access limited to his server only.
 
TechGuy_007 (Author) Commented:
We don't have a PIX or ASA.
 
Andy Keeney Commented:
What firewall are you using? Where are you handling the DHCP for VPN connections? What are you using for authentication for users as they come into the network?
 
TechGuy_007 (Author) Commented:
We have a WatchGuard.
 
Andy Keeney Commented:
And is that handling VPN DHCP and authentication?
 
Andy Keeney Commented:
You can have multiple policies on your WatchGuard. You can give the user a different VPN IPsec configuration, and set up a different DHCP scope inside the firewall for whatever subnet you are wanting and assign it to the profile.
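
A sanity check for the design suggested above, as an added example that is not part of the thread: it models one address pool per VPN profile plus default-deny firewall allow rules, and reports anything that would let the restricted profile reach beyond its intended server. All profile names, addresses and the rule layout are constructed assumptions; this is not WatchGuard or RRAS configuration syntax.

```python
import ipaddress

# Constructed sample design (assumed values, not taken from the thread).
PROFILES = {
    "staff":  {"pool": "10.0.10.0/24", "users": ["alice", "bob"]},
    "vendor": {"pool": "10.0.20.0/28", "users": ["vendor1"]},
}
# Allow rules as (source network, destination network); everything else is denied.
RULES = [
    ("10.0.10.0/24", "192.168.1.0/24"),   # staff pool -> main subnet
    ("10.0.20.0/28", "192.168.2.10/32"),  # vendor pool -> server's second IP only
]
# Intended reach for each restricted profile.
RESTRICTED = {"vendor": ["192.168.2.10/32"]}


def audit(profiles, rules, restricted):
    """Return a list of findings; an empty list means the design holds."""
    findings = []
    pools = {n: ipaddress.ip_network(p["pool"]) for n, p in profiles.items()}
    names = sorted(pools)

    # 1. Pools must not overlap, or the source address no longer identifies a profile.
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if pools[a].overlaps(pools[b]):
                findings.append(f"pools overlap: {a} and {b}")

    # 2. A user mapped to two profiles could connect with the less restricted one.
    seen = {}
    for name in names:
        for user in profiles[name]["users"]:
            if user in seen:
                findings.append(f"user {user} is in both {seen[user]} and {name}")
            seen[user] = name

    # 3. Every allow rule whose source covers any part of a restricted pool
    #    (including broad rules such as 10.0.0.0/8) must stay inside the intended reach.
    for name, allowed in restricted.items():
        allowed_nets = [ipaddress.ip_network(n) for n in allowed]
        for src, dst in rules:
            src_net, dst_net = ipaddress.ip_network(src), ipaddress.ip_network(dst)
            if not src_net.overlaps(pools[name]):
                continue
            if not any(dst_net.subnet_of(a) for a in allowed_nets):
                findings.append(f"{name}: rule {src} -> {dst} exceeds intended reach")
    return findings
```

This only covers traffic arriving from the VPN pools; it says nothing about what the dual-homed server itself can reach, which is the concern raised earlier in the thread.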