Need to secure SSLVPN with different local user groups

Unanswered Question
Mar 1st, 2008

The clientless SSLVPN is configured and running, but we have multiple vendors that will be using it. We want to give multiple vendors access to their hosts only, and their credentials will be local on the router. We currently have 4 IPs defined for each vendor, but currently nothing is in place to keep a vendor from attempting to use a different IP and getting access to other systems. Is there a way to keep a vendor's credential bound to a VPN tunnel?


baskervi Wed, 03/05/2008 - 22:10

We opened a TAC case and were told the routers do not support groups for local users. We ended up moving the SSL VPN to nonstandard ports and giving users access to one of these VPNs. Unless the vendor scans the available ports for the public IPs, they won't know about the other sockets. Security through obscurity.

