Switches, Hubs, and Modems
cancel
Showing results for 
Search instead for 
Did you mean: 

restrict ip address

SOLVED
Go to solution
JaWe
Occasional Contributor

restrict ip address

Hi,
In our organisation some staff wants to work at home. We have a VPN solution (sonicwall) so staff can get connected via VPN to our network (they get at home a virtual network)adapter via VPN software. The virtual adapter gets an ip address from an addresspool from a dhcp (w2k) server (pool: 192.168.40.65 till 40.85). The Sonicwall acts in the same subnet (40.254). Behind the sonicwall we have a HP Procurve 5304xl switch. All servers in our farm are connected to that switch. At this time, all vpn users can access all the servers on the switch if they want so I want to restrict the DHCP pool only to one IP address they can access. For example: user A logs on with VPN to our network. The user gets ip address 192.168.40.66. the user can only ping/access to 1 other address, like 192.168.40.100. Is there a way to restrict a range of ip addresses to access 1 host/address in the same subnet?
Thanks in advance
2 REPLIES
Matt Hobbs
Honored Contributor
Solution

Re: restrict ip address

Maybe on the sonicwall you could configure some type of restriction like that, but I don't think you can do this on the 5300 when both clients and servers are on the same subnet.

What you could do is create a new VLAN for either the users or the servers. Then using Access Control Lists on the 5300 you could restrict access like this.
Mohieddin Kharnoub
Honored Contributor

Re: restrict ip address

Hi

I think that can't be done in Hardware.
Lets say me connect now and got a DHCP ip which is the first one: 40.65 ,
then you connect after me and got 4.66
Ok then how you are going to restirct me to access only one IP, its a matter of Sessions in the Sonic Firewall.

And i have a trick, i can disconenct, and reconnect again to get another IP , and access different IP address.

I think you need an Assistance from a Access Control Software like ProCurve IDM (Maybe).

OR

If you know already what Server each user can Access, then the best solution for you is to use the RADIUS authentication, (thats again a software assistance).

I don;t think ACL will solve your Issue.

Please let us what you are up to, its really interested security thread.

Good Luck.
Science for Everyone