Site - Site VPN with different Access Rights.
19 years 2 weeks ago #11229
by IP-bod
Site - Site VPN with different Access Rights. was created by IP-bod
Heya,
Need to set up a site-to-site VPN from a remote office back to our main one.
The remote site has got a setup of approx 15/20 users on an SDSL 2Mb. So am thinking about a 506e or 515e PIX. Any thoughts on either? Maybe a 515e is a bit overkill possibly?
Problem is users on the remote network comprise 2 types: trusted users, and non-trusted (external to company) users who need limited access though will be sitting on the remote LAN.
Question is how can I define/create the different types of access?
Possibly create 2 types of tunnels, one tunnel with ACLs restricting untrusted users' access to stuff over the network.
But then I have the issue of how do I enforce those users only accessing a specified tunnel on the remote LAN? VLANs / IP address / MAC authentication seems a bit complicated to set up to me???
It's kinda working now on single user VPN dial-ups.
Any ideas? Does this question make sense???
Thanks
IP-bod.
19 years 2 weeks ago #11238
by TheBishop
Hello IP-bod
Don't know much about PICs but I'm sure some of our other members will come in on that aspect. As to splitting up the two populations of users, would it be possible to have them in two separate ranges of IP addresses? If so, that would make it easy to have a specific tunnel for each range.
19 years 2 weeks ago #11241
by Rockape
Replied by Rockape on topic Re: Site - Site VPN with different Access Rights.
What about using access lists? That way (I believe) you can have all users going down the same link. But, because of the access list, certain users can only get to certain parts of your system. In fact you can even deny users any access at all (if your name's not on the list you're not coming in, mate :!: )
19 years 2 weeks ago #11250
by christiaan
Replied by christiaan on topic Re: Site - Site VPN with different Access Rights.
It depends on exactly what you define as limited access.
If you define limited access in terms of what resources users can access on a server, then a single VPN with a remote access group with different permissions configured for the trusted and untrusted users would do the job.
I would try IPCop or pfSense for the number of users that you have in the remote office.
19 years 2 weeks ago #11253
by IP-bod
Replied by IP-bod on topic Re: Site - Site VPN with different Access Rights.
How about setting up a separate VLAN that they have to plug into on a switch (or a couple of ports on a switch) which has a DHCP scope of around 10 IPs for example's sake, and then ACL that network range from the network so that it doesn't go through the VPN tunnel?????
again does that make sense??
19 years 2 weeks ago #11254
by DaLight
Replied by DaLight on topic Re: Site - Site VPN with different Access Rights.
IP-bod, maybe you could expand on your definition of limited access. For example, do you want to restrict the access of untrusted users to certain IP address ranges or ports or both?
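The approach suggested across this thread (a separate address range per user group, with an access list deciding what each range may reach over the tunnel) can be checked on paper before any firewall is configured. The following is an added example, not code from any poster: the subnets, server address and port are constructed, and it models generic first-match ACL evaluation with an implicit deny rather than PIX syntax.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str                 # "permit" or "deny"
    src: str                    # source network (remote-office range)
    dst: str                    # destination network at the main office
    port: Optional[int] = None  # None matches any destination port

# Constructed addressing plan, not taken from the thread:
#   192.168.10.0/24  trusted staff VLAN at the remote office
#   192.168.20.0/28  untrusted (external) VLAN with a small DHCP scope
#   10.0.0.0/16      main-office LAN; 10.0.5.10 is the one shared server
TUNNEL_ACL = [
    Rule("permit", "192.168.20.0/28", "10.0.5.10/32", 443),
    Rule("deny",   "192.168.20.0/28", "10.0.0.0/16"),
    Rule("permit", "192.168.10.0/24", "10.0.0.0/16"),
]

def _net(cidr):
    return ipaddress.ip_network(cidr)

def evaluate(acl, src_ip, dst_ip, dst_port):
    """Return the action of the first matching rule; no match means deny."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for rule in acl:
        if (src in _net(rule.src) and dst in _net(rule.dst)
                and rule.port in (None, dst_port)):
            return rule.action
    return "deny"  # implicit deny: a source on no list gets nothing

def shadowed_rules(acl):
    """Rules that can never match because an earlier rule fully covers them."""
    hits = []
    for i, later in enumerate(acl):
        for earlier in acl[:i]:
            if (_net(later.src).subnet_of(_net(earlier.src))
                    and _net(later.dst).subnet_of(_net(earlier.dst))
                    and earlier.port in (None, later.port)):
                hits.append(later)
                break
    return hits
```

Address-based rules only hold if users cannot choose their own range, which is why the VLAN and switch-port assignment raised in the thread matters as much as the list itself.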