TechGuy_007

Add a VPN subnet

We have people using VPN to log into our network. We, however, have two different subnets. I was wondering if there is a way to dictate which internal subnet users get based on their user name or some other variable. We are using 2003 server, and Routing and Remote Access to do VPN.
Andy Keeney

By username? Maybe. Can the subnets communicate with each other? Can the firewall see both subnets?
What is doing the authentication (i.e. RADIUS, Cisco)?
TechGuy_007

ASKER

The subnets can't communicate. I had to add a second IP to the server that we want our vendor to access, but we don't want them to have access to the entire network. So we want their VPN access to only allow access to the second subnet.
Statically assign an IP address to his username after he authenticates. Make sure the firewall can communicate to the other subnet. When that user logs in they will automatically be thrown into the other subnet.
And if you added a second IP address to a server that the vendor has access to, won't he have access to the entire network once he logs in to that particular server?
That is what we want to avoid. We want his VPN access limited to his server only.
We don't have a PIX or ASA.
What firewall are you using? Where are you handling the DHCP for VPN connections? What are you using for authentication for users as they come into the network?
We have a WatchGuard.
And is that handling VPN DHCP and authentication?
You can have multiple policies on your WatchGuard. You can give the user a different VPN IPsec configuration, and set up a different DHCP scope inside the firewall for whatever subnet you are wanting and assign it to the profile.
ASKER CERTIFIED SOLUTION
Andy Keeney