cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

168
Views
5
Helpful
1
Replies
Highlighted
Beginner

External consutant access to the internal network

Hey everyone,  hope your day is going well and you are all keeping safe, staying healthy and having a blast working remotely.

I wanted to ask this question because we are starting to receive these requests more and more frequently where, they need to have external consultants access our internal resources via some sort of VPN connection.  I wanted to know what your thoughts are and how and if this is something you are implementing in your workplace? 

One way I could think of was to allow them to VPN in via AnyConnect but restrict what they can access via AAA (Authorization) via ISE by using a DACL.

Please let me know your thoughts.

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
VIP Advisor

Re: External consutant access to the internal network

Hi,
Yes your suggestion is a perfectly good and possibly the simpliest solution, it's probably the first solution I'd suggest anyway.
Alternatively you could use TrustSec SGTs, apply a unique SGT (via ISE during authorisation) for each consultant and permit access based on source SGT.

HTH

View solution in original post

1 REPLY 1
Highlighted
VIP Advisor

Re: External consutant access to the internal network

Hi,
Yes your suggestion is a perfectly good and possibly the simpliest solution, it's probably the first solution I'd suggest anyway.
Alternatively you could use TrustSec SGTs, apply a unique SGT (via ISE during authorisation) for each consultant and permit access based on source SGT.

HTH

View solution in original post