Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 19 replies
  • Subscribers 1 subscriber
  • Views 5056 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Best scenario for remote support personnel.

touchwood
Have a new accounts server installed which will need semi permanent remote access by external software support personnel. I need the remote support access to only connect to that particular server in the network.
Now with a VPN SSL connection Automatic packet filter rules confine access to networks not IP's.
Is there a method to confine a remote connection (other than VNC etc. that can be controlled via packet filtering) that will lock a particular user to a specific ip.

Thanks

David


This thread was automatically locked due to age.
Parents
  • 0
    That's a very creative approach, and should work as advertised!  However, it seems more complicated than what Touchwood was asking for in his original post.  To take your original idea and Suzzyx's, it seems like just creating the following packet filter rule would work if indeed 'Username (Network)' resolves when 'Username' is connected via SSL VPN:

    Source: 'Username (Network)'
    Service: RDP (or other desired service(s))
    Destination: [host(s) you want to make available]
    Allow


    In L2TP over IPsec, I would create 'Username' with a fixed, Remote Access IP, say 10.20.30.40, then create two PF rules, in order as follows:

    Source: [10.20.30.40]
    Service: RDP (or other desired service(s))
    Destination: [host(s) you want to make available]
    Allow

    Source: [10.20.30.40]
    Service: Any
    Destination: Any
    Drop



    Cheers - Bob
    PS Touchwood, please report back on what you tried and what worked and didn't. Thanks!
Reply
  • 0
    That's a very creative approach, and should work as advertised!  However, it seems more complicated than what Touchwood was asking for in his original post.  To take your original idea and Suzzyx's, it seems like just creating the following packet filter rule would work if indeed 'Username (Network)' resolves when 'Username' is connected via SSL VPN:

    Source: 'Username (Network)'
    Service: RDP (or other desired service(s))
    Destination: [host(s) you want to make available]
    Allow


    In L2TP over IPsec, I would create 'Username' with a fixed, Remote Access IP, say 10.20.30.40, then create two PF rules, in order as follows:

    Source: [10.20.30.40]
    Service: RDP (or other desired service(s))
    Destination: [host(s) you want to make available]
    Allow

    Source: [10.20.30.40]
    Service: Any
    Destination: Any
    Drop



    Cheers - Bob
    PS Touchwood, please report back on what you tried and what worked and didn't. Thanks!
Children