How can I allow and restrict user access on my VPN client?

How is it possible to allow certain end-users access to a VPN client, while restricting or limiting others? Is there a way to do this?

Typically, remote access networks are guarded by AAA (authentication, authorization and accounting) functionality,...

Step 2 of 2:

You forgot to provide an Email Address.

This email address doesn’t appear to be valid.

This email address is already registered. Please login.

You have exceeded the maximum character limit.

Please provide a Corporate E-mail Address.
- I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.
Please check the box if you want to proceed.
- I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.
Please check the box if you want to proceed.

which starts with user provisioning. To accomplish this, a robust Identity Management system should be in place within any corporate access infrastructure. Also, a central user repository, such as LDAP or Active Directory, is typically at the heart of this central function.

The VPN access gateway ties into this infrastructure by verifying and authenticating remote access users against the central user directory. This ensures that any user is provisioned and, more importantly, de-provisioned correctly and in compliance with the user’s company profile. A sophisticated VPN access system will not only authenticate remote access users against the company user directory, but also synchronize users depending on LDAP attributes or Security Groups -- and map proper access privileges accordingly. So, depending on how the user’s identity is provisioned within the company, the VPN user management system maps specific access profiles to groups of users. Such access profiles, in turn, determine and enforce specific access restrictions for the dialup user. These restrictions might include authentication type, such as n-factor authentication; split tunneling; specific destination networks for which an SA (security association) is permitted; specific client firewall settings on the user access device; specific endpoint protection rules being enforced, allowing or preventing a user from establishing a VPN tunnel based on succinct criteria, such as operating system type and version; or other configuration parameters.

VPN client provisioning is another interesting point to bring up in this context. An advanced VPN access system will be capable of deploying user-specific access profiles via a secure provisioning process where the client’s personalized profile is managed from the VPN access management system and pushed to the VPN user the first time the connection is in a locked state. This prevents the user or any other third party from viewing or tampering with the VPN client profile. Obviously, such a requirement is easier to accomplish with a specialized client application, such as an IPsec VPN client, versus a browser-based application.

Email your VPN-related questions to editor@searchenterprisewan.com.

Dig Deeper on WAN technologies and services

All
News
Get Started
Evaluate
Manage
Problem Solve

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

Meet all of our Networking experts

View all Networking questions and answers

WAN (Wide Area Network)

NSC joins forces with Silver Peak SD-WAN services

A glossary for the terms and types of WAN technologies

DIY SD-WAN more complex than some vendors admit

NSC joins forces with Silver Peak SD-WAN services

A recap of notable 2018 networking trends and news

Enterprises move from SD-WAN testing to deployment, IHS says

Talari adds SD-WAN appliance for smaller edge sites

WAN (Wide Area Network)

A glossary for the terms and types of WAN technologies

Network as a Service (NaaS)

How do I choose between SD-WAN, DMVPN and IPsec tunnels?

How does a WAN-cloud exchange work?

How Cisco's Viptela buy affects branch routers, IT customers

When to consider SD-WAN managed services

The far-reaching benefits of SD-WAN improve network edge to inner layers

DIY SD-WAN more complex than some vendors admit

The future of VPN will reflect the need for flexibility

A deep dive into SD-WAN troubleshooting and monitoring

How your SD-WAN appliance can consolidate the branch stack

How types of noise in data communication systems affect the network

Are MPLS network deployments in decline?

New WAN access options improve availability, performance

Understanding the basics of a hybrid VPN

Please create a username to comment.

Cisco adds UC headset management to IT console

Support external collaboration with guest access and federation

Businesses must replace cloud Skype phones by 2023

Key iOS enterprise security vulnerabilities IT should know

Enterprise mobility management software offerings and use cases

Samsung-Microsoft partnership will benefit end users

Iran says it's building an AI supercomputer, despite sanctions

IBM Power chip instruction set now open source

Big Switch updates its Cloud-First Networking portfolio

Managed services companies remain hot M&A ticket

Oracle OpenWorld hones in on IaaS, database and AI

Workplace by Facebook partners evolve as demand grows

Dig Deeper on WAN technologies and services

Related Q&A from Rainer Enders

Have a question for an expert?

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.