I have the following network problem: some users outside the LAN must have access to different servers. These users should not have access to the entire network, but only to the server to which they are assigned. The major problem is that these users must pass through 2 LANs: User -> LAN1 -> LAN2 -> server.
To solve this problem I decided to install a server on LAN2 that all these users can access. The connection is made over RDP. On this server I also installed Kerio Control, on which I'm setting some rules.
The problem is that I cannot define the rules at the user level. I have to make sure that each user can only connect to a certain server on LAN2. Furthermore, these connections can be performed simultaneously.
Can you suggest a proper infrastructure for this type of connection? Is it impossible to set Kerio Control rules depending on the user logged in via RDP?
Kerio is not a 'router' in the common sense; you cannot route to another switch (correct me if I'm wrong).
I think you can solve your problem with NAT.
If your users use RDP, make a rule:
Some_user -> firewall ip, port (some custom port 7777) -> Allow -> DNAT to your RDP server IP & port (3389)
So, your clients for their RDP should connect to ip-address-of-firewall:7777
and will be NAT-ted to server-ip's RDP.
Now the only problem would be that your users should first go to Kerio's login page, authenticate themselves, and only then connect to RDP:7777, because the rule says "such user" -> allow. And how would the rule know it's him when he's not authenticated, right?
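
The rule logic described in the reply above, as an added example that is not part of the original thread and is not Kerio Control's own code or configuration: a small Python model of per-user DNAT rules that match only after the source address has logged in. The user names, ports other than 7777 and 3389, and all addresses are constructed, and keying sessions by source IP is an assumption of this model.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

RDP_PORT = 3389

@dataclass(frozen=True)
class Rule:
    user: str          # authenticated user the rule applies to
    listen_port: int   # custom port on the firewall, e.g. 7777
    target_ip: str     # the one server on LAN2 assigned to this user

# Constructed sample policy: one forwarding rule per user, nothing else allowed.
RULES = [
    Rule("alice", 7777, "10.0.2.11"),
    Rule("bob", 7778, "10.0.2.12"),
]

class Firewall:
    def __init__(self, rules):
        self.rules = list(rules)
        # Source IP -> user name, filled in by the login page (assumed model).
        # Keyed by address: two people behind one IP look like the same user.
        self.sessions = {}

    def login(self, src_ip: str, user: str) -> None:
        """Record that `user` authenticated from `src_ip`."""
        self.sessions[src_ip] = user

    def logout(self, src_ip: str) -> None:
        self.sessions.pop(src_ip, None)

    def route(self, src_ip: str, dst_port: int) -> Optional[Tuple[str, int]]:
        """Return the DNAT target for an allowed connection, or None to deny."""
        user = self.sessions.get(src_ip)
        if user is None:
            return None  # not authenticated: a user-based rule cannot match
        for rule in self.rules:
            if rule.user == user and rule.listen_port == dst_port:
                return (rule.target_ip, RDP_PORT)
        return None  # default deny: logged in, but not assigned to this port
```
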