-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



On Tue, November 1, 2005 11:29, pankaj singla wrote:

> The problem now is that we want to give access
> to our servers to our users who already have access to
> corporate servers but not to everyone who has vpn
> access. We can not filter using IP addresses as they
> are provided dynamically. So, is there any way that we
> could allow only authenticated vpn users to access our
> resources while blocking others.




It sounds like you have two security management domains, correct?
(I.e. "yours" and "corporate") The most
straightforward approach would be to have the corporate VPN device
permit/deny traffic to your servers based on the user ID they logged in
with. Without knowing the type of access you're wanting to limit,
I'll have to guess at some answers.



If the servers are UNIX, you could issue SSH keys to the people you want
on, then open that port up to the corporate VPN DHCP range.



If the servers are Windows, you might have to investigate the domain
security options and permit/deny people based on their login credentials
too.



If the type of connection is a client-server application based on a
program's specific protocol, then you'll have to investigate an application
layer proxy or security mechanism within the server application
itself.



Dan



- - - - -

"Wait for that wisest of all counselors, time." -- Pericles

"I do not fear computers, I fear the lack of them." -- Isaac
Asimov

GPG fingerprint:6FFD DB94 7B96 0FD8 EADF 2EE0 B2B0 CC47 4FDE 9B68

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDZ+HusrDMR0/em2gRAvjBAJwL2fOk2pK8wRorndAa/YUdVF9MCwCg6ImG
0u2HgRhmjl+/9OMg1j/drAc=
=9Di0
-----END PGP SIGNATURE-----
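
With the SSH port open to the whole corporate VPN DHCP range, the UNIX suggestion above restricts access only if the server accepts nothing but the issued keys, and only for the intended accounts. An added example (not part of the original message) that audits an sshd_config for this; the sample config and the user names alice, bob and mallory are constructed, and only the global section is evaluated (Match blocks, included files and keyboard-interactive settings are not checked).

```python
# Added example: audit an sshd_config for the "SSH keys for chosen users" setup.
# Assumption: only the global section (before the first Match line) is evaluated.

# sshd defaults that apply when a keyword is absent from the file.
DEFAULTS = {"passwordauthentication": "yes", "pubkeyauthentication": "yes"}

# Constructed sample config; the user names are hypothetical.
SAMPLE_CONFIG = """\
# sshd_config on the restricted server
PubkeyAuthentication yes
PasswordAuthentication no
AllowUsers alice bob
# The next line is ignored: sshd keeps the first value it reads per keyword.
PasswordAuthentication yes
"""


def parse_global(text):
    """Return (settings, allow_users) from the global part of an sshd_config."""
    settings, allow_users, seen = dict(DEFAULTS), [], set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        key, args = parts[0].lower(), parts[1:]
        if key == "match":               # conditional overrides start here
            break
        if key == "allowusers":          # AllowUsers lines accumulate
            allow_users.extend(a.split("@")[0] for a in args)
        elif key not in seen and args:   # first occurrence wins
            seen.add(key)
            settings[key] = args[0].lower()
    return settings, allow_users


def audit(text, intended_users):
    """List the ways the config admits someone other than intended_users."""
    settings, allow_users = parse_global(text)
    findings = []
    if settings["passwordauthentication"] != "no":
        findings.append("password logins enabled: any VPN user can try passwords")
    if settings["pubkeyauthentication"] != "yes":
        findings.append("public-key logins disabled: issued keys will not work")
    if not allow_users:
        findings.append("no AllowUsers: every account on the server may log in")
    extra = sorted(set(allow_users) - set(intended_users))
    if extra:
        findings.append("AllowUsers lists unintended accounts: " + ", ".join(extra))
    return findings
```

An empty result from `audit(SAMPLE_CONFIG, ["alice", "bob"])` means the global section enforces key-only logins for exactly the intended accounts.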
_______________________________________________
VPN mailing list
VPN@lists.shmoo.com
http://lists.shmoo.com/mailman/listinfo/vpn