You could hard-code access by IP address - and make sure that you don't route IPs across switches... but it sounds like you want eDirectory from Novell.

Jon

----- Original Message -----
From: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
Date: Monday, March 7, 2005 8:43 pm
Subject: [TriLUG] OT: policy based VPNs on LAN?

> This is really more of a general routing/switch/security question
> than OSS - but if an OSS solution is possible that would be even
> better. I'm approaching the edge of my dynamic VPN know-how so I
> wanted to throw this out to the wolves. :) The scenario is this:
>
> Security Paranoid Company would like to define access to various
> parts of the network based upon user roles. SPC also would like
> users to be forced to use not only a username/password but a
> security token for login (like a secureID token).
>
> The initial idea was to create groups that the network admin can
> create rules against. So the HR people would only have access to
> HR servers, but not development or corporate security servers and
> so forth and so on. The network could potentially be set up with
> role based servers in their own subnet if need be so the groups
> could be allowed to communicate only with certain subnets on the
> LAN. We don't know if subnetting is a requirement or not, but we
> suspect that it might be.
>
> I thought Cisco's mega-VPN beast could handle this but after
> reading the documentation I am no longer sure that it is possible.
> This solution would initially have to scale for 100 users, and it
> would be nice if it could scale into an Enterprise size.
>
> The client is leaning towards a Cisco solution because the VPN
> client can run on MS, OS X, and I believe Linux.
>
> Any thoughts?
>
> Greg
>
> --
> TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG Organizational FAQ : http://trilug.org/faq/
> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
> TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc
