Mohammed,
You can use an ACL on your Virtual-Template interface to control what they gain access to if you are doing this on a router. I would have to research to know what to do on the ASA for VPDN.

Regards,

Tyson Scott - CCIE #13513 R&S, Security, and SP
Technical Instructor - IPexpert, Inc.
Mailto: [email protected]
Telephone: +1.810.326.1444, ext. 208
Live Assistance, Please visit: www.ipexpert.com/chat
eFax: +1.810.454.0130

From: [email protected] [mailto:[email protected]] On Behalf Of Mohamed Gazzaz
Sent: Wednesday, February 17, 2010 7:23 AM
To: [email protected]; [email protected]
Subject: [OSL | CCIE_Security] Virtual Private Dialup Network - VPDN

Hello,

Basically, we have some external contractors/consultants who are accessing our SAP servers via VPDN. We want to limit their access to some servers, so what is the best way to do that? I don't have a lot of experience with VPDN and this stuff is new to me.

Here is the scenario: The consultants connect to our public IP address via VPDN and they get a local IP address which allows them to access the local servers. There is only one group and I guess I can use access-lists to limit their access, but I don't want to limit myself and other IT staff. I tried to create two VPDN groups but the router always selects the first group (the default one).

I thought about SSL-VPN but I don't know if I will have some compatibility issues with SAP applications (clientless mode - the management does not want the full tunnel mode). Easy-vpn is not an option because of the management again.

Any ideas or suggestions will be highly appreciated.

Regards,
Mohamed Gazzaz
