I have an 851 router which is configured for IPsec VPN tunnel, PPTP & Internet access.
I have 15 or so machines that need to communicate with each other; the other 10 or so are managed internally but will also be managed externally.
The current config will work; however, I am concerned about security.
The external companies (3 of them) need access to their own specific hosts only, and those hosts should have no access to the other hosts or servers on the same subnet (apart from one internal machine).
Ideally I would like to retain remote access for support purposes, but if I have to I can completely separate the two sets of machines on physical networks, although this will cause some issues.
I thought of creating multiple vpdn groups with a single IP address and applying access-lists. What is the best way of accomplishing this?
Any suggestions gratefully received.
! Default PPTP VPDN group
local name VPN
l2tp tunnel receive-window 128
ip unnumbered Vlan1
peer default ip address pool pptp-pool
ppp authentication ms-chap
description Connected to LAN
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip local pool pptp-pool 192.168.20.10 192.168.20.12