External consultant needs access to internal server
We have a 2700 that is connected to the internet via X1 and has a range of 4 IP addresses allocated.
Currently we have IPsec VPN for our staff
(NOT SSL VPN, extended network, due to the security issues SonicWall has experienced).
This VPN puts the VPN staff into our internal address space.
Ideally, we DO NOT want the consultants to come into the same address space as other users.
- It's a security risk for the other users & the address space.
- It allows any machine in that address range to cross-probe other machines (we need this for IT diagnostics).
- It gives full access to other business areas.
- Who knows what these external non-corporate types have on their computers.
We require that:
- We can set up another "pool" of VPN address space with relevant IP / another L2TP server.
- This can be accessed via a DIFFERENT external IP address (we have 4 available).
- We can then keep this address space completely isolated from all our other assets and just have that address space mapped to this server.
- We can have extra controls for security for this single user, like blocking internet browsing for porn etc. whilst under the company network.
You can laugh... but consider if the user has page refresh set on the browser... as soon as the browser is active, it goes and prefetches every recent site the user has visited... over the VPN via our network.
Which puts the company in the position of having to report any illegal activity... (since it's our network.)