05-02-2006 10:57 AM - edited 02-21-2020 12:52 AM
I want to allow certain users to connect to my concentrator, but then only allow them to have access to a single server on the LAN side.
Please help.
05-02-2006 10:03 PM
Hi .. you need to follow some steps
1.- create a subnet list and add the IP you need access to
Configuration | Policy Management | Traffic Management | Network Lists
2.- create a group for remote access
Configuration | User Management | Groups
3.- Within the group, select the tab 'Client Config', then select the option 'Only tunnel networks in the list'
and select the list you created in step 1.
This will allow a remote user to connect to only one host by using the VPN client.
I hope it helps ...please rate it if it does !!!
05-12-2006 12:16 PM
The above instructions work. How do you allow the users to terminal service to a server and then only allow them to access that server? Thanks.
05-14-2006 04:46 AM
Hi ... If I understood correctly ... you want to allow access to one server only for your remote users .. this can be done by controlling the access at the VPN concentrator as per my previous post.
If you initiate another session from the above server to, let's say, another server by using Remote Desktop .. then the VPN concentrator can do nothing about it, as the traffic does not traverse it. The same applies to any device terminating the VPN connection. To restrict further connections you need to implement some kind of HIPS (host intrusion prevention system, such as CSA) on the desktops and servers to control that type of connection.
I hope it helps ... please rate it if it does !!!
05-15-2006 06:38 AM
Thanks for your prompt response and information, Fernando.
Sorry for not making my questions clear. I want to allow the terminal service (remote desktop) to this server after the users log in to the VPN Concentrator, not terminal service to another server from this server. By using the instructions from the previous post, the users can't terminal service (Remote Desktop, etc.) to this server after they log in to the VPN Concentrator, but can access everything on this server. I would like to allow the users to terminal service to one server AFTER they log in to VPN. Then, I only allow them to access this server after they terminal service to this server. Please let me know if I have not explained myself clearly.
Thanks.
Diane
10-05-2007 03:48 AM
You can exclude split tunnel, that create Access list that will be applied on tunnel traffic.