Pix Access for Vendors

Status
Not open for further replies.

needalife
Mar 6, 2003
I'm not a Cisco guru: I have a PIX 515E with VPN access for internal IT staff only. We have software support vendors asking if they can have access inside our network. How or what should be done to allow inside access to vendors? I do not want to give them our authentication passwords. Is there something else we could do through the PIX?
 
Set up a different group password for them? Or allow remote desktop access to a single machine with an ACL that permits port 3389 TCP?
 
What kind of access are they requesting? You could always set up a terminal server on a Windows box and lock it down with ACLs. Then create a local Windows account on the box for them. Throw it on one of the DMZs of the PIX. Could be as simple as a Windows XP box or a Windows 2000 Server box.
 
The vendors are requesting access to various servers we have. At this point, we have 3 vendors looking for support access to their software servers.

Reading these suggestions, I need to find the PIX for Dummies book regarding AAA and group passwords. If I set up AAA, do the vendors need any special client software loaded onto their PCs?

wybnormal: I'll flip through the Cisco site again. I just didn't know what to look for.
 
No, AAA in this case is local to the PIX. It only allows access THROUGH the PIX to the network resources. You can use the normal NT authentication on the servers to handle the local access. But you can get very creative with ACLs to lock the vendor to specific IP addresses on the network.

The link I gave you has all the details for AAA :)

MikeS

Home of the book "Network Security Using Linux"
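
Added example, not part of the thread: a small Python audit that reads PIX-style `access-list` lines and flags vendor permit entries that are not pinned to one source host, one destination server and one port, which is the "lock the vendor to specific IP addresses" idea from the reply above. The ACL name `vendor_in`, the addresses (documentation and private ranges) and the sample lines are constructed for illustration.

```python
# Constructed sample ACL; vendor_in and all addresses are hypothetical.
SAMPLE_ACL = """\
access-list vendor_in permit tcp host 203.0.113.10 host 192.168.50.20 eq 3389
access-list vendor_in permit tcp 203.0.113.0 255.255.255.0 host 192.168.50.21 eq 3389
access-list vendor_in permit tcp host 198.51.100.7 any eq 3389
access-list vendor_in permit ip host 198.51.100.7 host 192.168.50.22
access-list vendor_in deny ip any any
"""

def take_addr(tokens):
    """Consume one address spec from the token list; return (kind, text)."""
    first = tokens.pop(0)
    if first == "any":
        return ("any", "any")
    if first == "host":
        return ("host", tokens.pop(0))
    mask = tokens.pop(0)  # "address mask" form
    if mask == "255.255.255.255":
        return ("host", first)
    return ("net", f"{first} {mask}")

def audit_line(line):
    """Return a list of findings for one access-list line (empty if tight)."""
    tokens = line.split()
    if len(tokens) < 5 or tokens[0] != "access-list" or tokens[2] != "permit":
        return []  # deny entries and non-ACL lines do not widen access
    proto, rest = tokens[3], tokens[4:]
    try:
        src, dst = take_addr(rest), take_addr(rest)
    except IndexError:
        return ["could not parse address fields"]
    findings = []
    if src[0] != "host":
        findings.append(f"source is not a single host ({src[1]})")
    if dst[0] != "host":
        findings.append(f"destination is not a single host ({dst[1]})")
    if proto not in ("tcp", "udp") or rest[:1] != ["eq"]:
        findings.append("no single port pinned with 'eq'")
    return findings

def audit(config):
    """Map 1-based line number -> findings, for lines that have any."""
    report = {n: audit_line(l) for n, l in enumerate(config.splitlines(), 1)}
    return {n: f for n, f in report.items() if f}

if __name__ == "__main__":
    for n, found in audit(SAMPLE_ACL).items():
        print(f"line {n}: " + "; ".join(found))
```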
 
Thx Mr. wybnormal ... I think I've got it. AAA is what I want to do by locking the vendor to only access a server with ACLs. At least now I know where to start my homework.
 