Allow 1 user to access 1 server using PPTP and RDP

810 pts.
Tags:
IP address
PPTP
RRAS
Virtual Server
VPN
I have been tasked with the following this morning.

1 user from an external company needs access to a virtual server to do some SQL work. he is going to be dialing in from somewhere else using PPTP. I was asked to make sure he can only access the virtual server after he creates the VPN connection. (he is not aloud to access any other server on the network)

Can anyone tell me how this is done please?

Public IP = 123.456.789.123

Virtual Server = 192.168.0.95



Software/Hardware used:
Windows

Answer Wiki

Thanks. We'll let you know when a new response is added.

Just wondering if there is anyone out there able to assist in this matter please

————————

Something we do relatively frequently:

1) On the Client SonicWall / ASA:
– Create Local “user account”
– Enable / Create PPTP / L2TP Service on device
– Restrict User to certain Host / Subnet on network

2) On Servers:
– Create User account for External user to log in with
– Restrict Login ability on user account for only the Machines / subnet they need

Simple yet effective…

Discuss This Question: 5  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Mhclupe
    Do you have an SSL box or does your firewall have and SSL you can use? If so, create a "Virtual Office" profile that will point him directly to the server via IP address. Example: We login to our SSL box (Sonicwall) as admin, select the users icon, "add a user". Once the user is added we select the "Configure" button and set the user up to enter a specific area only.
    10 pointsBadges:
    report
  • orangehat
    If you must use pptp you'll probably need to configure the input and output filters on the remote access policies. take a look at http://forum.pfsense.org/index.php?PHPSESSID=17errgn47rbnigav57sblnvqt0&/topic,23437.msg121684.html#msg121684
    1,735 pointsBadges:
    report
  • greatjubee
    When you set up the incoming connection for the PPTP go to the networking setup and uncheck the box the say Allow users to access Local Area Network. that will keep him from accessing any other computer on you local LAN.
    165 pointsBadges:
    report
  • Pjb0222
    Restrict the ID he uses to log into the one specific server and deny (interactive) login to all other servers to restrict access. You will need to determine what all he needs to access to complete the SQL work. If you do not need to restrict him from anything else, that may be sufficient. Don't forget, once he is on the server he is "in your network." It will be extremely difficult if not impossible to restrict him from accessing the network from the server.
    3,310 pointsBadges:
    report
  • Sixball
    Disagree with "Don’t forget, once he is on the server he is “in your network.” It will be extremely difficult if not impossible to restrict him from accessing the network from the server." In AD, it is possible to ONLY allow a certain user access to certain devices. If they log into a server and attempt to log into any other PC / Server / Device with their restricted credentials, they will be completely denied access
    8,705 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following