IPSec Site to Site

william.culver
Level 1

I need to connect a partner site via IPSec Site to Site. I don't have any control over the other site, and have concerns about their security configurations (old O/S, limited, if any, antivirus or patching, etc.). They have no server or internal DNS. They will need to access my DNS (Win2K8R2), SharePoint sites, and a few other internal sites. They are not part of my domain or their own domain. How can I restrict their access to only those areas on my side that they absolutely need without having to manage a complex ACL, and at the same time limit my exposure? I am planning on putting in a Windows NAP server, but that won't be an option for a while, and I need to get them connectivity very soon. Any thoughts would be appreciated.

1 Reply

Hi,

When you create a S2S IPsec VPN, all IP traffic is by default permitted to flow between both sites (networks defined as interesting traffic).

You can create the ACL to permit only the IPs and ports necessary (but depending on the size of the scenario could be a long or complex ACL).

There are other features that enhance security, for example:


Users can be required to authenticate before accessing any resources on your LAN.

This can be done with an external Radius server.

Besides authentication, authorization can be implemented so that users are validated and only allowed certain permissions.

A lot depends on what you have and can/cannot do.

Hope it helps.


Federico.
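An added example of the "permit only the IPs and ports necessary" approach, not from the thread or either poster: it assumes the tunnel terminates on a Cisco ASA, that the partner LAN is 192.0.2.0/24 and the peer is 203.0.113.10 (constructed placeholder addresses), and that an `ipsec-l2l` tunnel-group for that peer already exists. Object-groups keep the ACL short as hosts are added, and applying it as a `vpn-filter` matters because by default (`sysopt connection permit-vpn`) VPN traffic bypasses the outside interface ACL entirely.

```cisco
! Partner network (remote side of the tunnel); constructed example address
object-group network PARTNER_NET
 network-object 192.0.2.0 255.255.255.0

! Local hosts the partner actually needs: DNS plus the SharePoint/web front ends
object-group network LOCAL_DNS
 network-object host 10.1.10.5
object-group network LOCAL_WEB
 network-object host 10.1.10.20
 network-object host 10.1.10.21

! vpn-filter ACEs are written with the REMOTE network as source and the
! LOCAL hosts as destination; the ASA derives the return-traffic match itself.
! Anything not listed here, including sessions initiated from our LAN toward
! the partner, is dropped by the implicit deny.
access-list PARTNER_VPN_FILTER extended permit udp object-group PARTNER_NET object-group LOCAL_DNS eq domain
access-list PARTNER_VPN_FILTER extended permit tcp object-group PARTNER_NET object-group LOCAL_DNS eq domain
access-list PARTNER_VPN_FILTER extended permit tcp object-group PARTNER_NET object-group LOCAL_WEB eq https
access-list PARTNER_VPN_FILTER extended permit tcp object-group PARTNER_NET object-group LOCAL_WEB eq www
! Explicit final deny with logging so blocked partner traffic is visible in syslog
access-list PARTNER_VPN_FILTER extended deny ip any any log

! Bind the filter to the group policy used by this partner's tunnel-group
group-policy PARTNER_GP internal
group-policy PARTNER_GP attributes
 vpn-filter value PARTNER_VPN_FILTER

! Assumed to already exist as: tunnel-group 203.0.113.10 type ipsec-l2l
tunnel-group 203.0.113.10 general-attributes
 default-group-policy PARTNER_GP
```

Adding a new internal site later means one `network-object` line in `LOCAL_WEB` rather than a new ACE, and `show access-list PARTNER_VPN_FILTER` shows hit counts per ACE so you can confirm the partner traffic is matching the intended rules.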