TOPIC: Site - Site VPN with different Access Rights.

Site - Site VPN with different Access Rights. 10 years 10 months ago #11229

  • IP-bod
Heya,

Need to set up a site-to-site VPN from a remote office back to our main one.

The remote site has got a setup of approx 15/20 users on an SDSL 2Mb. So am thinking about a 506E or 515E PIX; any thoughts on either? Maybe a 515E is a bit overkill possibly?

Problem is users on the remote network comprise 2 types: trusted users, and non-trusted (external to company) users who need limited access though will be sitting on the remote LAN.

Question is how can I define/create the different types of access?

Possibly create 2 types of tunnels, one tunnel with ACLs restricting untrusted users' access to stuff over the network.

But then I have the issue of how do I enforce those users only accessing a specified tunnel on the remote LAN? VLANs / IP address / MAC authentication seems a bit complicated to set up to me???


It's kinda working now on single-user VPN dial-ups.

Any ideas? Does this question make sense???

Thanks

IP-bod.

VPNs 10 years 10 months ago #11238

  • TheBishop
Hello IP-bod
Don't know much about PIXes but I'm sure some of our other members will come in on that aspect. As to splitting up the two populations of users, would it be possible to have them in two separate ranges of IP addresses? If so, that would make it easy to have a specific tunnel for each range.

Re: Site - Site VPN with different Access Rights. 10 years 10 months ago #11241

  • Rockape
What about using access lists? That way (I believe) you can have all users going down the same link. But, because of the access list, certain users can only get to certain parts of your system. In fact you can even deny users any access at all (if your name's not on the list you're not coming in, mate :!: )

Re: Site - Site VPN with different Access Rights. 10 years 10 months ago #11250

  • christiaan
It depends on exactly what you define as limited access.
If you define limited access in terms of what resources users can access on a server, then a single VPN with a remote access group with different permissions configured for the trusted and untrusted users would do the job.

I would try IPCop or pfSense for the number of users that you have in the remote office.

Re: Site - Site VPN with different Access Rights. 10 years 10 months ago #11253

  • IP-bod
How about setting up a separate VLAN that they have to plug into on a switch (or a couple of ports on a switch) which has a DHCP scope of around 10 IPs for example's sake, and then ACL that network range from the network so that it doesn't go through the VPN tunnel?????

Again, does that make sense??

Re: Site - Site VPN with different Access Rights. 10 years 10 months ago #11254

  • DaLight
IP-bod, maybe you could expand on your definition of limited access. For example, do you want to restrict the access of untrusted users to certain IP address ranges or ports or both?
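The design discussed in this thread (untrusted users on their own address range, with an access list limiting which main-site addresses and ports that range can reach), modelled as an added example that is not part of any post and is not any firewall's own configuration syntax. The subnets, host and port are constructed assumptions; evaluation is first-match with an implicit deny, and a second function flags rules that an earlier rule makes unreachable.

```python
"""Added example: first-match access list for traffic entering a site-to-site tunnel.
All subnets, hosts and ports below are constructed for illustration."""
from ipaddress import ip_address, ip_network

# Constructed addressing plan for the remote office (assumption, not from the thread).
TRUSTED = ip_network("192.168.10.0/24")      # staff VLAN
UNTRUSTED = ip_network("192.168.20.0/28")    # small DHCP scope for external users
MAIN_SITE = ip_network("10.0.0.0/16")        # main office behind the tunnel
EXTRANET_HOST = ip_network("10.0.5.20/32")   # the one server external users may reach

# Rules are (action, source, destination, destination port or None for any port).
# Order matters: the first matching rule wins, as on a router or firewall ACL.
TUNNEL_ACL = [
    ("permit", UNTRUSTED, EXTRANET_HOST, 443),
    ("deny",   UNTRUSTED, MAIN_SITE,     None),
    ("permit", TRUSTED,   MAIN_SITE,     None),
]

def evaluate(src, dst, port, acl=TUNNEL_ACL):
    """Return 'permit' or 'deny' for one flow; unmatched traffic hits the implicit deny."""
    s, d = ip_address(src), ip_address(dst)
    for action, src_net, dst_net, rule_port in acl:
        if s in src_net and d in dst_net and rule_port in (None, port):
            return action
    return "deny"

def shadowed_rules(acl=TUNNEL_ACL):
    """Indexes of rules that can never match because an earlier rule covers them."""
    hidden = []
    for i, (_, src, dst, port) in enumerate(acl):
        for _, e_src, e_dst, e_port in acl[:i]:
            if src.subnet_of(e_src) and dst.subnet_of(e_dst) and e_port in (None, port):
                hidden.append(i)
                break
    return hidden

if __name__ == "__main__":
    flows = [("192.168.10.7", "10.0.1.5", 445), ("192.168.20.3", "10.0.5.20", 443),
             ("192.168.20.3", "10.0.1.5", 445), ("192.168.30.9", "10.0.1.5", 22)]
    for flow in flows:
        print(flow, "->", evaluate(*flow))
    print("shadowed rule indexes:", shadowed_rules())
```

Swapping the first two rules makes the broad deny shadow the narrow permit, which `shadowed_rules` reports as index 1; running such a check before deploying a rule set catches ordering mistakes.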