topic Re: VPN and LAN access in Network Security

VPN and LAN access

harvey.dewan — Fri, 21 Feb 2020 08:52:20 GMT

I want to allow certain users to connect to my comncentrator, but then only allow them to have access to a single server on the LAN side.

Please help.

Re: VPN and LAN access

Fernando_Meza — Wed, 03 May 2006 05:03:09 GMT

Hi .. you need to follow some steps

1.- create a subnet list and add the IP you need access to

Configuration | Policy Management | Traffic Management | Network Lists

2.- create a group for remote access

Configuration | User Management | Groups

3.- Within the group select the tab 'Client Config' select the option 'Only tunnel networks in the list'

and select the list you created on step 1.

This will allow a remote user connect to one only host by using VPN client.

I hope it helps ...please rate it if it does !!!

Re: VPN and LAN access

dianewalker — Fri, 12 May 2006 19:16:44 GMT

The above instructions work. How do you allow the users to terminal service to a server and then only allow them to access that server? Thanks.

Re: VPN and LAN access

Fernando_Meza — Sun, 14 May 2006 11:46:51 GMT

Hi ... If I understood correctly ... you want to allow access to one server only for your remote users .. this can be done by controlling the access at the VPN concentrator as per my previous post.

If you initiate another session from the above server to lets say another server by using Remote desktop .. then the VPN concentrator can do nothing about it as the traffic does not traverse it. The same applies to any device terminating the VPN connection. to restrict further connection you need to implement some kind of HIPS ( Host intrution prevention system such as CSA ) on the desktops and servers to control that type of connections.

I hope it helps ... please rate it if it does !!!

Re: VPN and LAN access

dianewalker — Mon, 15 May 2006 13:38:59 GMT

Thanks for your prompt response and information, Fernando.

Sorry for not making my questions clear. I want to allow the terminal service (remote desktop) to this server after the users login to VPN Concentrator, not terminal service to another server from this server. By using the instructions from the previous post, the users can't terminal service (Remote Desktop, etc. ) to this server after they login to VPN Concentrator, but can access everything on this server. I would like to allow the users to terminal service to one server AFTER they login to VPN. Then, I only allow them to access this server after they terminal service to this server. Please let me know if I have not explained myself clearly.

Thanks.

Diane

Re: VPN and LAN access

fisko — Fri, 05 Oct 2007 10:48:48 GMT

You can exclude split tunnel, that create Access list that will be aplied on tunnel traffic.