NSA 2700: Can specific users be restricted to connect to SSL VPN from a specific public IP?
In this scenario I have an NSA 2700 with SSL VPN set up to use domain authentication through RADIUS.
Currently "All RADIUS Users" being in the "SSLVPN Services" group means all users can sign in via NetExtender from effectively anywhere.
What I want to do is subject specific users on the domain to only be allowed to connect if they are connecting from a specific public IP. They also need to be able to use the OTP via Email option. Otherwise the rest of the domain users must still be able to connect from anywhere (without OTP via Email).
Is this specific scenario possible?
Category: SSL VPN
Answers
Hello @C_B
If I understood your requirement correctly, you can do the first part but not the second one at the same time. You need to configure a WAN to WAN Access Rule for the SSLVPN port. You can specify an "allow" rule with the specific public IPs as the source, and this needs to be followed by a deny Access Rule with "any" as the source.
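
A small model of the allow-then-deny rule pair described in the answer above, added here as an example (not code from the thread or from SonicOS). It assumes first-match rule evaluation and that the rules match only on source address and port, before any user has authenticated; port 4433, the addresses and the usernames are constructed placeholders.

```python
import ipaddress
from dataclasses import dataclass

SSLVPN_PORT = 4433  # assumed placeholder; use the port configured on the appliance

@dataclass(frozen=True)
class Rule:
    action: str   # "allow" or "deny"
    source: str   # a CIDR block, or "any"
    port: int

    def matches(self, src_ip: str, dst_port: int) -> bool:
        if dst_port != self.port:
            return False
        if self.source == "any":
            return True
        return ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.source)

# Constructed WAN-to-WAN rule pair, in the order the answer gives:
# allow the specific public IP first, then deny every other source.
WAN_TO_WAN = [
    Rule("allow", "203.0.113.10/32", SSLVPN_PORT),
    Rule("deny", "any", SSLVPN_PORT),
]

def evaluate(rules, src_ip: str, dst_port: int) -> str:
    """Return the action of the first matching rule (no match is deny in this model)."""
    for rule in rules:
        if rule.matches(src_ip, dst_port):
            return rule.action
    return "deny"

def can_reach_login(rules, user: str, src_ip: str) -> bool:
    # 'user' is deliberately unused: at this stage the firewall sees only the
    # packet's source address and port, so the decision cannot depend on identity.
    return evaluate(rules, src_ip, SSLVPN_PORT) == "allow"

if __name__ == "__main__":
    attempts = [  # constructed sample connection attempts
        ("restricted.user", "203.0.113.10"),
        ("restricted.user", "198.51.100.7"),
        ("other.user", "198.51.100.7"),
    ]
    for user, ip in attempts:
        print(f"{user:16} from {ip:13} -> login page reachable: "
              f"{can_reach_login(WAN_TO_WAN, user, ip)}")
```

In this model the third attempt is blocked as well, so the rule pair restricts every user to the allowed address rather than only the selected ones; reversing the rule order denies all sources.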