Answer the question
In order to leave comments, you need to log in
How on cisco to differentiate VPN access levels to users?
All greetings
Is CISCO 1900.
VPN (PPTP) for remote work is configured.
There was a need to give remote access to work to several external employees.
1st employee will work with 1c on one server
2nd employee will work with another 1c on another server
3rd employee will work with a shared folder on the 3rd server
How to differentiate such access rights?
So that none of them can get into the main network, well, in general, they could only work on a certain server
Thank you all in advance
Answer the question
In order to leave comments, you need to log in
Let's think of servers as networks. Connect 3 of your networks to the switch, divide by 3 VLANs. One trunk port with access to 3 vlans and is included in the router. On the router, make the connected port a trunk, make 3 virtual interfaces under each vlan, then create 3 IP ACLs in which you allocate subnets (allowed) for each virtual VLAN interface, then create an aaa attribute list for each username, dedicated IP address or IP pool addresses to issue (you can create separately via ip local pool), not forgetting to specify that attribute type inacl IP_ACL and so on.
The idea is that each user has dedicated credentials, by which he will receive IP from one pool for each network. Therefore, he will not have access to the other two subnets at the network level.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question