Tyson,

Actually, we are doing this on a router. Currently we are using a small room as 
a data center and we are in the process of building our main data center. We 
can use an ACL as you said on the Virtual-template but that would limit us too 
(IT staff). 

I created 2 VPDN-groups with 2 IP pools and 2 different policies but the router 
always selects the first default group; I don't know how to get to the second 
group. We are using a local database on the router and I was also able to 
authenticate the users with Active Directory.

Maybe I can use domain names to tie groups with domain names?

I think I will give SSL-VPN a shot, or let the external consultants use VPDN + 
ACL and let us use SSL-VPN or EZVPN.

Regards,
Mohamed Gazzaz

From: [email protected]
To: [email protected]; [email protected]; 
[email protected]
Subject: RE: [OSL | CCIE_Security] Virtual Private Dialup Network - VPDN
Date: Wed, 17 Feb 2010 11:26:22 -0500

Mohammed,

You can use an ACL on your Virtual-Template interface to control
what they gain access to if you are doing this on a router. I would have to
research to know what to do on the ASA for VPDN.

Regards,

Tyson Scott - CCIE #13513 R&S, Security, and SP
Technical Instructor - IPexpert, Inc.
Mailto: [email protected]
Telephone: +1.810.326.1444, ext. 208
Live Assistance, Please visit: www.ipexpert.com/chat
eFax: +1.810.454.0130

 

From: [email protected] [mailto:[email protected]] On Behalf Of Mohamed Gazzaz
Sent: Wednesday, February 17, 2010 7:23 AM
To: [email protected]; [email protected]
Subject: [OSL | CCIE_Security] Virtual Private Dialup Network - VPDN

Hello,

Basically, we have some external contractors/consultants who are accessing our
SAP servers via VPDN. We want to limit their access to some servers so what is
the best way to do that? I don't have a lot of experience with VPDN and this
stuff is new to me.

Here is the scenario: The consultants connect to our public IP address via VPDN
and they get a local IP address which allows them to access the local servers.
There is only one group and I guess I can use access-lists to limit their
access but I don't want to limit myself and other IT staff. I tried to create
two VPDN groups but the router always selects the first group (the default one).

I thought about SSL-VPN but I don't know if I will have some compatibility
issues with SAP applications (clientless mode - the management does not want
the full tunnel mode).

Easy-VPN is not an option because of the management again.

Any ideas or suggestions will be highly appreciated.

Regards,

Mohamed Gazzaz






