Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
355
Views
0
Helpful
3
Replies

How to provide secure access to vendor

christopher_hall
Level 1
Level 1

‎03-14-2008 11:13 AM - edited ‎03-09-2019 08:18 PM

Good afternoon,

We need to provide a vendor access to a server located on the inside of the network (MS SQL Server). I have a couple questions along these lines:

1. We currently allow vpn access to IT staff on our ASA 5510 (which is privately managed). We currently have one authentication group for our IT staff. Is there a way to have two authentication groups? We're using a MS radius server to authenticate before access is approved.

2. Once the vendor is connected, what would be the best way to restrict them to only the one box?

Our concern is that they would be able to launch telnet, file share, etc...I realize this may be best handled by MS group, but was thinking about access lists..

Any thoughts would be appreciated.

Labels:
0 Helpful
3 Replies 3

acomiskey
Level 10
Level 10

‎03-14-2008 11:41 AM

The easiest way would be to create a second remote access tunnel group. Create a new ip pool for that group and apply it to a new policy for that group. You could then limit the access by being very specific with your nat exemption acl.

0 Helpful

christopher_hall
Level 1
Level 1
In response to acomiskey

‎03-14-2008 12:13 PM

Thanks for the quick response!

0 Helpful
Customers Also Viewed These Support Documents