01-12-2010 03:54 AM - edited 03-11-2019 09:56 AM
Hello Experts,
We have a Cisco ASA 5505 (8.2.1) with Remote VPN configured, and access is provided to our NOC team to work from home. We have set hairpin route settings to access other production locations from one VPN account, and it's working fine. The NOC users' account is created and the privilege is set to 2, only to connect with VPN.
Now we have got a new request to set up a new Remote VPN configuration for our DEV Team and have to provide access to a few servers, which is not massive, but once I set up users for the DEV Team they may have access to the PROD servers by using the first VPN configuration. I want to restrict the DEV users from using the first remote VPN account and don't know the configuration/procedure.
Please advise.
Thanks & Regards,
Vinay Gupta
01-12-2010 04:01 AM
Hi Vinay
When you create the 2nd RA group, will you give them a new IP pool? If so, then I guess you can use an ACL to restrict access to servers?
I had a similar situ and I used software called secureRDP (for Windows servers only) which allowed our 1st line support users to RDP into certain servers only - preventing them from piggybacking from 1 server to another via RDP (only)
HTH
01-12-2010 04:08 AM
Yes, I will define a new IP pool for the DEV Team, but the major issue is that the DEV user can connect to the NOC remote VPN by entering their credentials, which I want to separate.
Regards,
Vinay Gupta
01-12-2010 06:28 AM
Can anyone reply, as it's urgent?
Regards,
Vinay Gupta
01-12-2010 04:15 PM
??
01-13-2010 02:00 AM
Hi
Need to know more re your setup - are you using RADIUS/TACACS?
How would the DEV Team know the login credentials of the NOC team? Or do you mean that the DEV Team are also part of the NOC team sec group in AD?