02-02-2005, 07:46 PM   #1
VPN Scenario...Need help

Ok guys, I got a real life scenario here and I need your help.

INFRASTRUCTURE:
At work we have a Windows 2000 domain. There is one domain controller, one member server and client computers. All computers are on the same subnet. We have a hardware firewall (FortiGate). The member server is configured for dialup remote access. A modem is directly connected to this member server and one local user on this server is configured to connect to this server.

SCENARIO:
Now we want to configure this member server as a VPN server so the user can access it through VPN. The user needs full permissions (administrator) on this member server but should not be able to access any other computer on the network.
As far as the VPN server configuration goes, it is already configured for VPN connection and with two IP addresses to assign to the VPN client and the VPN server itself.
What I don't know is how to configure the user account (local user or Active Directory user) so it has full permissions on this member server but no permission on any other computer. Second, we also need to configure the firewall to forward VPN. Believe me, this firewall has a lot of things to configure about VPN. It has the following options for VPN authentication:
1. Create new user account and password on firewall itself
or
2. Forward authentication to RADIUS server
or
3. Forward authentication to LDAP server
I am not sure what to do. It also asks for the IP address range to assign to VPN clients when we enable VPN. That's OK, I can give it a range of IP addresses here, but then what about the range that we configure on the VPN server? I really don't know who is gonna authenticate and assign an IP to the VPN client.

Please help me with this scenario. I have the documentation (PDF file) for the firewall if you guys need to look at the VPN configuration. I can send it to you.

Thanks a lot guys
faisal_246
02-03-2005, 04:13 PM   #2

The server will assign the client IPs. I suggest you set the VPN server with a static IP on the same network. Be sure to exclude these addresses from DHCP, if you're running it.

Don't you set up a user on the VPN server for the users connecting to it? I'd think that would define the rights on that local PC, then have a network login for the rest.

What OS is on the VPN box?
office politics
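
The reply's advice to keep the VPN server's static addresses on the LAN but out of the DHCP range can be checked before the pool goes live. This is an added example, not part of the thread; the subnet, DHCP range, exclusion and pool addresses are constructed sample values, and the function name is hypothetical.

```python
import ipaddress


def vpn_pool_conflicts(lan, dhcp_start, dhcp_end, exclusions, vpn_pool):
    """Return (address, problem) pairs for VPN pool addresses that are unsafe.

    lan         -- LAN subnet in CIDR form
    dhcp_start  -- first address of the DHCP scope
    dhcp_end    -- last address of the DHCP scope
    exclusions  -- list of (first, last) ranges excluded from DHCP leases
    vpn_pool    -- static addresses configured on the VPN server
    """
    net = ipaddress.ip_network(lan)
    lo = ipaddress.ip_address(dhcp_start)
    hi = ipaddress.ip_address(dhcp_end)
    excl = [(ipaddress.ip_address(a), ipaddress.ip_address(b))
            for a, b in exclusions]

    problems = []
    for raw in vpn_pool:
        addr = ipaddress.ip_address(raw)
        if addr not in net:
            # The reply suggests addresses on the same network as the LAN.
            problems.append((raw, "outside LAN subnet"))
        elif addr in (net.network_address, net.broadcast_address):
            problems.append((raw, "network or broadcast address"))
        elif lo <= addr <= hi and not any(a <= addr <= b for a, b in excl):
            # DHCP could lease this address to another host.
            problems.append((raw, "inside DHCP scope and not excluded"))
    return problems


# Constructed sample values for illustration only.
LAN = "192.168.1.0/24"
DHCP_RANGE = ("192.168.1.100", "192.168.1.200")
EXCLUDED = [("192.168.1.190", "192.168.1.191")]

if __name__ == "__main__":
    good = ["192.168.1.190", "192.168.1.191"]
    bad = ["192.168.1.150", "192.168.2.10", "192.168.1.255"]
    print(vpn_pool_conflicts(LAN, *DHCP_RANGE, EXCLUDED, good))
    print(vpn_pool_conflicts(LAN, *DHCP_RANGE, EXCLUDED, bad))
```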
All times are GMT -5.