
VPN and LAN access

harvey.dewan
Level 1

I want to allow certain users to connect to my concentrator, but then only allow them to have access to a single server on the LAN side.

Please help.

5 Replies

Fernando_Meza
Level 7

Hi .. you need to follow some steps

1.- create a subnet list and add the IP you need access to

Configuration | Policy Management | Traffic Management | Network Lists

2.- create a group for remote access

Configuration | User Management | Groups

3.- Within the group select the tab 'Client Config', select the option 'Only tunnel networks in the list' and select the list you created in step 1.

This will allow a remote user to connect to only one host by using the VPN client.

I hope it helps ...please rate it if it does !!!

The above instructions work. How do you allow the users to terminal service to a server and then only allow them to access that server? Thanks.

Hi ... If I understood correctly ... you want to allow access to one server only for your remote users .. this can be done by controlling the access at the VPN concentrator as per my previous post.

If you initiate another session from the above server to, let's say, another server by using Remote Desktop .. then the VPN concentrator can do nothing about it, as the traffic does not traverse it. The same applies to any device terminating the VPN connection. To restrict further connections you need to implement some kind of HIPS (host intrusion prevention system, such as CSA) on the desktops and servers to control that type of connection.

I hope it helps ... please rate it if it does !!!

Thanks for your prompt response and information, Fernando.

Sorry for not making my questions clear. I want to allow the terminal service (remote desktop) to this server after the users log in to the VPN Concentrator, not terminal service to another server from this server. By using the instructions from the previous post, the users can't terminal service (Remote Desktop, etc.) to this server after they log in to the VPN Concentrator, but can access everything on this server. I would like to allow the users to terminal service to one server AFTER they log in to VPN. Then, I only allow them to access this server after they terminal service to this server. Please let me know if I have not explained myself clearly.

Thanks.

Diane

You can exclude split tunnel, that create Access list that will be applied on tunnel traffic.
