HPE Community
Switches, Hubs, and Modems
1752451 Members
6275 Online
108788 Solutions
New Discussion юеВ

Re: restrict ip address

 
SOLVED
Go to solution
JaWe
Occasional Contributor

тАО07-19-2006 02:02 AM

тАО07-19-2006 02:02 AM

restrict ip address

Hi,
In our organisation some staff wants to work at home. We have a VPN solution (sonicwall) so staff can get connected via VPN to our network (they get at home a virtual network)adapter via VPN software. The virtual adapter gets an ip address from an addresspool from a dhcp (w2k) server (pool: 192.168.40.65 till 40.85). The Sonicwall acts in the same subnet (40.254). Behind the sonicwall we have a HP Procurve 5304xl switch. All servers in our farm are connected to that switch. At this time, all vpn users can access all the servers on the switch if they want so I want to restrict the DHCP pool only to one IP address they can access. For example: user A logs on with VPN to our network. The user gets ip address 192.168.40.66. the user can only ping/access to 1 other address, like 192.168.40.100. Is there a way to restrict a range of ip addresses to access 1 host/address in the same subnet?
Thanks in advance
0 Kudos
2 REPLIES 2
Matt Hobbs
Honored Contributor

тАО07-19-2006 02:20 AM

тАО07-19-2006 02:20 AM

Solution

Re: restrict ip address

Maybe on the sonicwall you could configure some type of restriction like that, but I don't think you can do this on the 5300 when both clients and servers are on the same subnet.

What you could do is create a new VLAN for either the users or the servers. Then using Access Control Lists on the 5300 you could restrict access like this.
Mohieddin Kharnoub
Honored Contributor

тАО07-19-2006 06:44 AM

тАО07-19-2006 06:44 AM

Re: restrict ip address

Hi

I think that can't be done in Hardware.
Lets say me connect now and got a DHCP ip which is the first one: 40.65 ,
then you connect after me and got 4.66
Ok then how you are going to restirct me to access only one IP, its a matter of Sessions in the Sonic Firewall.

And i have a trick, i can disconenct, and reconnect again to get another IP , and access different IP address.

I think you need an Assistance from a Access Control Software like ProCurve IDM (Maybe).

OR

If you know already what Server each user can Access, then the best solution for you is to use the RADIUS authentication, (thats again a software assistance).

I don;t think ACL will solve your Issue.

Please let us what you are up to, its really interested security thread.

Good Luck.
Science for Everyone
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.