need advice on how to limit 3rd party access through VPN
We need to limit the access of a 3rd-party vendor through our PIX VPN to a few specific servers. Aside from doing TACACS or RADIUS, is there any way to limit their access locally on the PIX based on the login credentials? (We can't filter by IP address; the vendor is a mobile user.)
Re: need advice on how to limit 3rd party access through VPN
Other than the methods that you already know, you can use two other approaches:
1) Split tunnel list
2) Use of an inbound ACL on the inside/DMZ interface of the PIX to restrict access so that traffic from particular servers is only permitted for a particular group.
1) A split tunnel list will stop client PCs from sending traffic across the tunnel which you don't want them to send, so you will configure a separate group for the 3rd-party vendor and then use the split tunnel in that group.
2) Again you would want to create a group, and then use a different pool of IPs for them, and then, based on this pool, configure an interface ACL on the inside/DMZ of the PIX so that they are restricted to some hosts on the inside/DMZ.
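The two steps above (a dedicated vpngroup with its own address pool plus split tunnelling, and an interface ACL keyed on that pool) put together as one PIX 6.3 configuration. This is an added example, not the poster's configuration: the group name `vendor`, the pool `10.200.0.0/24`, the protected network `10.1.10.0/24`, the two server addresses and the ports are all made-up values. One practical detail the example accounts for: the PIX is stateful and checks an interface ACL only against the first packet of a connection, so a connection the vendor opens is checked on the interface where the decrypted client traffic enters the PIX (outside), and only when `sysopt connection permit-ipsec` is disabled; return traffic from the servers then flows on the existing connection entry and is not re-checked on the inside interface.

```cisco
! Added example for PIX 6.3 (hypothetical addresses and names throughout).
! 1) Separate address pool so the vendor can be identified by source IP
!    even though their real (mobile) address is unknown.
ip local pool VENDOR_POOL 10.200.0.1-10.200.0.30

! 2) Split-tunnel list for the vendor group. On PIX 6.x this ACL is written from
!    the protected network's point of view: source = inside host, destination = pool.
!    Only traffic to these two hosts is sent into the tunnel by the client.
access-list VENDOR_SPLIT permit ip host 10.1.10.5 10.200.0.0 255.255.255.0
access-list VENDOR_SPLIT permit ip host 10.1.10.6 10.200.0.0 255.255.255.0

! 3) The vendor's own vpngroup; employees keep their existing group and pool.
vpngroup vendor address-pool VENDOR_POOL
vpngroup vendor split-tunnel VENDOR_SPLIT
vpngroup vendor idle-time 1800
vpngroup vendor password <group-pre-shared-key>

! 4) Exempt pool <-> inside traffic from NAT so the pool addresses survive
!    to the interface ACL and to the servers.
access-list NONAT permit ip 10.1.10.0 255.255.255.0 10.200.0.0 255.255.255.0
nat (inside) 0 access-list NONAT

! 5) Enforce the restriction on decrypted client traffic. With permit-ipsec
!    disabled, decrypted packets are checked against the outside interface ACL,
!    so the vendor pool is allowed to exactly two host/port pairs and nothing else.
no sysopt connection permit-ipsec
access-list OUTSIDE_IN permit tcp 10.200.0.0 255.255.255.0 host 10.1.10.5 eq 3389
access-list OUTSIDE_IN permit tcp 10.200.0.0 255.255.255.0 host 10.1.10.6 eq 22
access-list OUTSIDE_IN deny ip 10.200.0.0 255.255.255.0 any
! ... the existing outside ACL entries, including the permits that the
!     employee VPN pool needs, follow here ...
access-group OUTSIDE_IN in interface outside
```

Two checks before relying on this: the `deny ip 10.200.0.0 ... any` line must sit above any broader permit in the outside ACL (PIX ACLs are first-match), and because `no sysopt connection permit-ipsec` removes the ACL bypass for all IPsec traffic, every other VPN group's traffic now has to be explicitly permitted in `OUTSIDE_IN` as well; verify with `show access-list OUTSIDE_IN` that the hit counters on the vendor lines, and not on a catch-all, increase when the vendor connects. The split-tunnel list is a convenience for the client, not a security control: a client can still send packets into the tunnel to other destinations, which is why the interface ACL on the PIX is the part that actually enforces the restriction.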