Site - Site VPN with different Access Rights.

IP-bod
Topic Author
Offline
New Member

18 years 5 months ago #11229 by IP-bod

Site - Site VPN with different Access Rights. was created by IP-bod

Heya,

Need to setup a site to site vpn from a remote office back to our main one.

The remote site has got a setup of approx 15/20 users on a sdsl 2mb. So am thinking about a 506e or 515e PIX; Any thoughts on either? Maybe a 515e is a bit overkill possibly?

Problem is users on the remote network comprise of 2 types. trusted users. and non trusted (external to company) users who need limited access though will be sitting on the remote LAN?

Question is how can I define /create the different type of access.

Possibly create 2 types of tunnels, one tunnel with acl's restricting untrusted users accesss to stuff over the network.

But then I have issue of how do I enforce those users only accessing a specfied tunnel on the remote LAN? Vlan's / IP addresss/MAC authentication, seems a bit complicated to set up to me???

It's kinda working now on single user vpn dial ups.

Any ideas . Does this question make sense???

Thanks

IP-bod.

TheBishop
Offline
Moderator

18 years 5 months ago #11238 by TheBishop

Replied by TheBishop on topic VPNs

Hello IP-bod
Don't know much about PICs but I'm sure some of our other members will come in on that aspect. As to splitting up the two populations of users, would it be possible to have them in two separate ranges of IP addresses? If so, that would make it easy to have a specific tunnel for each range

Rockape
Offline
Moderator

18 years 5 months ago #11241 by Rockape

Replied by Rockape on topic Re: Site - Site VPN with different Access Rights.

What about using Access Lists. That way (I believe) you can have all users going down the same link. But, because of the Access List, certain users can only get to certain parts of your system. Infact you can even deny users any access at all (If your names not on the list your not coming in mate :!: )

christiaan
Offline
Junior Member

18 years 5 months ago #11250 by christiaan

Replied by christiaan on topic Re: Site - Site VPN with different Access Rights.

It depends on exactly what you define as limited access.
If you define limited access in terms of what resources users can access on a server then a single VPN with a remote access group with different permissions configured for the trusted and untrusted users would do the job.

I would try IPCop or Pfsense for the number of users that you have in the remote office.

IP-bod
Topic Author
Offline
New Member

18 years 5 months ago #11253 by IP-bod

Replied by IP-bod on topic Re: Site - Site VPN with different Access Rights.

how about setting up a seperate vlan that they have to plug into on a switch ( or a couple of ports on a switch) which has a dhcp scope of around 10 ips for example sake and then acl that netowkr range from the network so that it doesn't go through the vpn tunnel?????

again does that make sense??

DaLight
Offline
Platinum Member

18 years 5 months ago #11254 by DaLight

Replied by DaLight on topic Re: Site - Site VPN with different Access Rights.

IP-bod, maybe you could expand on your definition of limited access. For example, do you want to restrict the access of untrusted users to certain IP address ranges or ports or both?