Controlling VPN access

Incident response
Intrusion management
Microsoft Access
Microsoft Windows
Network security
SQL Server
Here's my scenario. I fall under guidelines of HIPAA. I have mobile users using laptops and tablets loaded with Cisco VPN Client connecting to my Cisco 2811 ISR which functions as my router/firewall/VPN. I am using Microsoft AD in my domain to authenticate users to the domain. Is there an easy way to assure that my users cannot access the domain resources from a PC not in the domain? The VPN client is widely available and the config file is readily available by looking in the client side files. I need to make sure that they don't load it into a personal PC at home and access in that manner. In your answer, please include good directions or a link to directions as I am over my head in trying to do this.

Answer Wiki


You don’t really say how the laptops are connecting to the Internet, but if they are using something like Sprint or Verizon mobile cards, you should be able to set up an ACL that limits connections to a particular set of IP addresses.


Discuss This Question: 4  Replies

  • Gforsythe
    They connect via DSL, or any broadband connection, mostly from home or from a hospital/nursing home setting. The VPN client assigns a virtual MAC when it connects, so the ACL is out.
  • Dwiebesick
    You can do this with L2TP/IPSec and Certificates. However, I have not found a cut-and-paste site that would not require you to fully understand these technologies. You can maybe do a Google search and find a site that you would feel comfortable following. L2TP/IPSec and Certificates will require the computers AND the users to authenticate. Maybe this will point you in a direction. Best of luck, dmw
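The certificate approach above, worked through for the asker's Cisco 2811 and Cisco VPN Client, as an added example that is not part of the original thread. The problem with the current setup is that the group pre-shared key sits in the .pcf file, so anyone who copies the client can connect. Switching the phase-1 authentication from `pre-share` to `rsa-sig` means the connecting machine must present a certificate chained to your CA; if that CA is the AD enterprise CA and the certificate template auto-enrolls only the Domain Computers group, a home PC never gets a certificate and is refused before the user is even asked for a password. XAUTH still checks the user against AD through RADIUS. All host names, addresses, pool ranges and ACL numbers below are assumptions for illustration.

```cisco
! --- What you most likely have now (group pre-shared key, weak) ---
! crypto isakmp policy 10
!  authentication pre-share
! crypto isakmp client configuration group CORP-VPN
!  key <group-secret-in-the-pcf-file>
!
! --- Replacement: machine certificate (rsa-sig) + user XAUTH via RADIUS ---
aaa new-model
! User credentials are checked against AD by an NPS/IAS RADIUS server (assumed address)
aaa authentication login VPN-USERS group radius
aaa authorization network VPN-GROUPS local
radius-server host 10.0.0.10 key <radius-shared-secret>
!
! Trustpoint for the AD enterprise CA; the router enrolls its own cert here and
! accepts client certs issued by the same CA. Enrollment URL assumes the Microsoft
! NDES/SCEP service; CRL checking lets you revoke the cert of a lost laptop.
crypto pki trustpoint DOMAIN-CA
 enrollment url http://ca.example.local/certsrv/mscep/mscep.dll
 subject-name CN=vpn.example.local,OU=CORP-VPN,O=Example
 revocation-check crl
 rsakeypair VPN-KEYS
!
! Only certificates whose subject carries the OU set in the machine template match.
! With rsa-sig the VPN client sends no group name; the OU of the client cert is used
! as the group, so it must equal the client configuration group name below.
crypto pki certificate map DOMAIN-COMPUTERS 10
 subject-name co ou = corp-vpn
!
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication rsa-sig
 group 2
crypto isakmp identity dn
crypto isakmp keepalive 10
!
crypto isakmp client configuration group CORP-VPN
 dns 10.0.0.10
 domain example.local
 pool VPN-POOL
 acl 110
!
crypto isakmp profile VPN-PROFILE
 ca trust-point DOMAIN-CA
 match certificate DOMAIN-COMPUTERS
 client authentication list VPN-USERS
 isakmp authorization list VPN-GROUPS
 client configuration address respond
!
crypto ipsec transform-set VPN-TS esp-aes 256 esp-sha-hmac
!
crypto dynamic-map VPN-DYN 10
 set transform-set VPN-TS
 set isakmp-profile VPN-PROFILE
 reverse-route
crypto map VPN-MAP 10 ipsec-isakmp dynamic VPN-DYN
!
ip local pool VPN-POOL 10.10.10.1 10.10.10.254
! Split-tunnel list: only the internal network goes through the tunnel (assumed range)
access-list 110 permit ip 10.0.0.0 0.0.255.255 any
!
interface FastEthernet0/0
 description Outside
 crypto map VPN-MAP
```

On the Windows side, publish a Computer certificate template from the enterprise CA with auto-enrollment granted to Domain Computers only, and set each Cisco VPN Client connection entry to "Certificate Authentication" using the certificate from the Microsoft machine store rather than a group password. Verify with `show crypto pki certificates` (router cert present and valid) and `show crypto isakmp sa` (tunnels show the profile name); a client without a chained certificate should fail in phase 1 before any XAUTH prompt. The router cannot check domain membership directly; possession of a CA-issued machine certificate is the proxy, so revoke promptly when a laptop is lost and keep the CRL reachable from the 2811.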
  • bhannah
    Your initial part of the VPN tunnel should start at the firewall level. We used to use VPN tunneling and I had a permanent broadband connection from my home to work. That permanent connection at the work end controlled what I had access to. From there, I had to log into the domain controller, which then gave me access to the network, and I also had to log on to the core system. These were two totally different logons and required different credentials to log on. Since you then had a permanent connection to the network and were part of the network, the network would then do some more authentication.
  • Kevin Beaver
    What has a vulnerability assessment (HIPAA Risk Analysis or Evaluation requirements) uncovered in this area?
