0

I am currently tasked with allowing vendors onto our process network. The issue is I need to make it so each vendor is only able to connect to PLCs on their own machines (each PLC has its own IP). Is there a way to limit what IP addresses a Windows user can connect to per user?

This is a Windows environment running Rockwell Software (Allen Bradley PLCs).

Example:

User1@local.com can connect to PLCs on 172.20.10.10, 172.20.10.23, 172.20.40.28

User2@local.com can connect to PLCs on 172.20.10.90, 172.20.10.70, 172.20.40.20

User3@local.com can connect to PLCs on 172.20.10.99, 172.20.10.170, 172.20.40.92

Wally
Have the users connect through a VPN of some sort and then configure their VPN accounts with the desired network ACLs. – EEAA Jun 19 '16 at 02:45

1 Answer

2

Yes, you can set up IPsec policies based on computer group membership or IPs. Depending on your AD version and clients, you could also use authentication silos.

Jim B