[TriLUG] OT: policy based VPNs on LAN?

jonc at nc.rr.com jonc at nc.rr.com
Tue Mar 8 14:10:23 EST 2005


You could hard-code access by IP address - and make sure that you don't route IPs across switches... but it sounds like you want eDirectory from Novell.

Jon

----- Original Message -----
From: "gregbrown at mindspring.com" <gregbrown at mindspring.com>
Date: Monday, March 7, 2005 8:43 pm
Subject: [TriLUG] OT: policy based VPNs on LAN?

> This is really more of a general routing/switch/security question 
> than OSS - but if an OSS solution is possible that would be even 
> better.  I'm approaching the edge of my dynamic VPN know-how so I 
> wanted to throw this out to the wolves. :)  The scenario is this:
> 
> Security Paranoid Company would like to define access to various 
> parts of the network based upon user roles.  SPC also would like 
> users to be forced to use not only a username/password but a 
> security token for login (like a SecurID token).
> 
> The initial idea was to create groups that the network admin can 
> create rules against.  So the HR people would only have access to 
> HR servers, but not development or corporate security servers and 
> so forth and so on.  The network could potentially be set up with 
> role-based servers in their own subnet if need be so the groups 
> could be allowed to communicate only with certain subnets on the 
> LAN.  We don't know if subnetting is a requirement or not, but we 
> suspect that it might be.
> 
> I thought Cisco's mega-VPN beast could handle this but after 
> reading the documentation I am no longer sure that it is possible.  
> This solution would initially have to scale for 100 users, and it 
> would be nice if it could scale into an Enterprise size.
> 
> The client is leaning towards a Cisco solution because the VPN 
> client can run on MS, OS X, and I believe Linux.
> 
> Any thoughts?
> 
> Greg