LAN Access Management enables you to give limited VPN access to users. This is especially useful when your machine is equipped with devices from different suppliers. For commissioning and maintenance purposes, these suppliers may require VPN access to their devices, but not to other devices.
Note that HTTP and VNC services add a port forward on the IXrouter. This makes them accessible to all users with VPN access, including users who only have limited VPN access. Keep this in mind when configuring your IXrouter.
Configure limited VPN access
The VPN connect service already exists when you first register your IXrouter and cannot be removed. Access is determined by the access categories that you assign to Full access and by the Limited access rules that you add. Users with access to a category assigned to Full access gain full VPN access. Users with access to a category assigned to a Limited access rule can only reach the specified IP address and no other devices in the machine network. More information about access categories can be found here: User management explained.
- If you haven't already, create a new access category for limited VPN access at Admin > Roles.
- Go to Fleet Manager > Devices and click on your device name.
- In the left menu, under Services, open the VPN connect settings.
- Under Limited access, add limited access to a specific device in the machine network and assign it to the access category you just created.
Update your user management so users no longer have full VPN access, but instead can only access the devices you specified.
- At Admin > Roles, edit the necessary roles to:
  - revoke access to the access category that grants full VPN access.
  - give access to this new access category that grants limited VPN access.
- The above update changes the permissions of every user with these roles. If this is undesired, you may choose to create a separate role instead, at Admin > Roles, and assign it to the user at Portal > Users.
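To review the outcome of the role changes above, this added example (not IXON code and not an IXON API) models the rules on this page in Python and lists users who were meant to be limited but are not. All role, category, user and service names are constructed, and it assumes that a user who holds both a full-access and a limited-access category ends up with full VPN access.

```python
# Constructed sample data: none of these names come from a real IXON account.
FULL_ACCESS = {"vpn-full"}                        # categories assigned to Full access
LIMITED_RULES = {                                 # category -> IPs in its Limited access rules
    "vpn-supplier-a": {"192.168.140.10"},
    "vpn-supplier-b": {"192.168.140.20"},
}
FORWARDED = {"HMI web page (HTTP)", "HMI screen (VNC)"}  # HTTP/VNC services on the router
ROLES = {                                         # role -> access categories it grants
    "engineer": {"vpn-full"},
    "supplier-a": {"vpn-supplier-a"},
    "supplier-b": {"vpn-supplier-b"},
}
USERS = {
    "alice": ["engineer"],
    "bob": ["supplier-a"],
    "carol": ["supplier-b", "engineer"],          # leftover role still grants full access
    "dave": [],
}


def effective_access(roles):
    """Return (level, reachable targets) for a user holding the given roles."""
    cats = set().union(*(ROLES[r] for r in roles))
    if cats & FULL_ACCESS:
        # Assumption: full access wins when a user holds both kinds of category.
        return "full", {"entire machine network"}
    ips = set().union(*(LIMITED_RULES[c] for c in cats if c in LIMITED_RULES))
    if not ips:
        return "none", set()
    # Port-forwarded HTTP/VNC services are reachable by every VPN user, limited or not.
    return "limited", ips | FORWARDED


def audit(users, intended_limited):
    """Return (user, level) for users who should be limited but are not."""
    findings = []
    for name in sorted(intended_limited):
        level, _ = effective_access(users[name])
        if level != "limited":
            findings.append((name, level))
    return findings


if __name__ == "__main__":
    for name, roles in USERS.items():
        print(name, *effective_access(roles))
    print("not limited as intended:", audit(USERS, {"bob", "carol"}))
```

In this sample, carol keeps full VPN access through her second role, and bob can reach the HTTP and VNC services in addition to the one IP address in his rule.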