
Site-to-Site VPN with different Access Rights

19 years 2 weeks ago #11229 by IP-bod
Heya,

Need to setup a site to site vpn from a remote office back to our main one.

The remote site has got a setup of approx 15/20 users on an SDSL 2Mb. So I am thinking about a 506e or 515e PIX; any thoughts on either? Maybe a 515e is a bit overkill possibly?

Problem is users on the remote network comprise 2 types: trusted users, and non-trusted (external to company) users who need limited access though will be sitting on the remote LAN.

Question is how can I define/create the different types of access.

Possibly create 2 types of tunnels, one tunnel with ACLs restricting untrusted users' access to stuff over the network.

But then I have the issue of how do I enforce those users only accessing a specified tunnel on the remote LAN? VLANs / IP addresses / MAC authentication seems a bit complicated to set up to me?


It's kinda working now on single user vpn dial ups.

Any ideas. Does this question make sense?

Thanks

IP-bod.
19 years 2 weeks ago #11238 by TheBishop
Replied by TheBishop on topic VPNs
Hello IP-bod
Don't know much about PIXs but I'm sure some of our other members will come in on that aspect. As to splitting up the two populations of users, would it be possible to have them in two separate ranges of IP addresses? If so, that would make it easy to have a specific tunnel for each range.
19 years 2 weeks ago #11241 by Rockape
What about using Access Lists? That way (I believe) you can have all users going down the same link. But, because of the Access List, certain users can only get to certain parts of your system. In fact you can even deny users any access at all (if your name's not on the list you're not coming in, mate!)
19 years 2 weeks ago #11250 by christiaan
It depends on exactly what you define as limited access.
If you define limited access in terms of what resources users can access on a server then a single VPN with a remote access group with different permissions configured for the trusted and untrusted users would do the job.

I would try IPCop or pfSense for the number of users that you have in the remote office.
19 years 2 weeks ago #11253 by IP-bod
How about setting up a separate VLAN that they have to plug into on a switch (or a couple of ports on a switch) which has a DHCP scope of around 10 IPs for example's sake, and then ACL that network range from the network so that it doesn't go through the VPN tunnel?

Again, does that make sense?
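To make the two-layer design in this thread concrete (untrusted users land in their own VLAN/DHCP range, an ACL then limits that range, and only "interesting" traffic enters the tunnel), here is an added Python model of the policy. It is not from any poster or from PIX itself; the subnets, the HTTPS-only rule for untrusted users and the sample packets are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Constructed addressing (assumption, not from the thread): trusted users sit on
# the main remote LAN, untrusted users plug into a separate VLAN whose DHCP scope
# hands out about 10 addresses, and HQ is the far end of the site-to-site tunnel.
TRUSTED_LAN = ipaddress.ip_network("192.168.10.0/24")
UNTRUSTED_VLAN = ipaddress.ip_network("192.168.20.0/28")
HQ_LAN = ipaddress.ip_network("10.0.0.0/16")
ANY = ipaddress.ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Rule:
    action: str                 # "permit" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int] = None  # None matches any destination port

# Inbound ACL on the remote LAN side. First match wins, and like a Cisco ACL it
# ends in an implicit deny. Note the model trusts the source address: keeping
# untrusted hosts inside their VLAN is what stops them borrowing a trusted IP.
INBOUND_ACL: List[Rule] = [
    Rule("permit", UNTRUSTED_VLAN, HQ_LAN, 443),  # untrusted: HTTPS to HQ only
    Rule("deny",   UNTRUSTED_VLAN, HQ_LAN),       # nothing else from them over the VPN
    Rule("permit", UNTRUSTED_VLAN, ANY),          # plain internet is fine
    Rule("permit", TRUSTED_LAN, ANY),             # trusted users are unrestricted
]

# Crypto ACL: only traffic matching here is encrypted into the tunnel.
CRYPTO_ACL: List[Rule] = [
    Rule("permit", TRUSTED_LAN, HQ_LAN),
    Rule("permit", UNTRUSTED_VLAN, HQ_LAN, 443),
]

def first_match(acl: List[Rule], src, dst, dport: int) -> str:
    """First-match evaluation with the implicit trailing deny."""
    for r in acl:
        if src in r.src and dst in r.dst and r.dport in (None, dport):
            return r.action
    return "deny"

def forward(src: str, dst: str, dport: int) -> str:
    """Return 'denied', 'tunnel' or 'clear' for one packet from the remote LAN."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if first_match(INBOUND_ACL, s, d, dport) == "deny":
        return "denied"
    return "tunnel" if first_match(CRYPTO_ACL, s, d, dport) == "permit" else "clear"
```

The untrusted range reaches HQ only on 443 and is dropped for anything else, while trusted hosts get the full tunnel and both ranges still browse the internet in the clear.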
19 years 2 weeks ago #11254 by DaLight
IP-bod, maybe you could expand on your definition of limited access. For example, do you want to restrict the access of untrusted users to certain IP address ranges or ports or both?