How can I allow and restrict user access on my VPN client?

How is it possible to allow certain end-users access to a VPN client, while restricting or limiting others? Is there a way to do this?

Typically, remote access networks are guarded by AAA (authentication, authorization and accounting) functionality,...

Step 2 of 2:

You forgot to provide an Email Address.

This email address doesn’t appear to be valid.

This email address is already registered. Please login.

You have exceeded the maximum character limit.

Please provide a Corporate E-mail Address.
- I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.
Please check the box if you want to proceed.
- I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.
Please check the box if you want to proceed.

which starts with user provisioning. To accomplish this, a robust Identity Management system should be in place within any corporate access infrastructure. Also, a central user repository, such as LDAP or Active Directory, is typically at the heart of this central function.

The VPN access gateway ties into this infrastructure by verifying and authenticating remote access users against the central user directory. This ensures that any user is provisioned and, more importantly, de-provisioned correctly and in compliance with the user’s company profile. A sophisticated VPN access system will not only authenticate remote access users against the company user directory, but also synchronize users depending on LDAP attributes or Security Groups -- and map proper access privileges accordingly. So, depending on how the user’s identity is provisioned within the company, the VPN user management system maps specific access profiles to groups of users. Such access profiles, in turn, determine and enforce specific access restrictions for the dialup user. These restrictions might include authentication type, such as n-factor authentication; split tunneling; specific destination networks for which an SA (security association) is permitted; specific client firewall settings on the user access device; specific endpoint protection rules being enforced, allowing or preventing a user from establishing a VPN tunnel based on succinct criteria, such as operating system type and version; or other configuration parameters.

VPN client provisioning is another interesting point to bring up in this context. An advanced VPN access system will be capable of deploying user-specific access profiles via a secure provisioning process where the client’s personalized profile is managed from the VPN access management system and pushed to the VPN user the first time the connection is in a locked state. This prevents the user or any other third party from viewing or tampering with the VPN client profile. Obviously, such a requirement is easier to accomplish with a specialized client application, such as an IPsec VPN client, versus a browser-based application.

Email your VPN-related questions to editor@searchenterprisewan.com.

Related Resources

Global Report: Software Defined Networking & Services –IBM
Network - Software Defined Solutions and Services –Apcela

Dig Deeper on WAN technologies and services

All
News
Get Started
Evaluate
Manage
Problem Solve

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

Meet all of our Networking experts

View all Networking questions and answers

Prep for SD-WAN challenges, and you'll reap its rewards

SD-WAN deployment in the works? Consider these 3 things

SD-WAN vs. VPN: How do they compare?

WAN (Wide Area Network)

NSC joins forces with Silver Peak SD-WAN services

A recap of notable 2018 networking trends and news

Enterprises move from SD-WAN testing to deployment, IHS says

Talari adds SD-WAN appliance for smaller edge sites

Prep for SD-WAN challenges, and you'll reap its rewards

SD-WAN deployment in the works? Consider these 3 things

WAN (Wide Area Network)

A glossary for the terms and types of WAN technologies

SD-WAN vs. VPN: How do they compare?

How does a WAN-cloud exchange work?

How Cisco's Viptela buy affects branch routers, IT customers

When to consider SD-WAN managed services

DIY SD-WAN more complex than some vendors admit

The future of VPN will reflect the need for flexibility

A deep dive into SD-WAN troubleshooting and monitoring

How your SD-WAN appliance can consolidate the branch stack

How types of noise in data communication systems affect the network

Are MPLS network deployments in decline?

New WAN access options improve availability, performance

Understanding the basics of a hybrid VPN

Please create a username to comment.

Understanding key video conferencing components

Zoom helps launch video conferencing hardware startup Neat

Zoom Phone takes center stage at Zoomtopia 2019

Google OEM config program enables quick updates to EMM

Why organizations of any size should consider IDaaS

How to manage Office 365 mobile apps for business

Improve server rack physical security with ISO standards

Essential private cloud migration steps

IBM quantum computers' usefulness in sight -- using binoculars

Hard disk capacity will soon hit 20 TB

Dell Technologies partner strategy reaps steady growth

Post-quantum cryptography unlocks opportunity for partners

Related Resources

Dig Deeper on WAN technologies and services

Related Q&A from Rainer Enders

Have a question for an expert?

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.