PPTP VPN Restrict Internal Traffic


darkmoo
09-21-2006, 02:58 AM
Is there a way in RRAS for Windows 2003 to restrict internal traffic for a
VPN user, i.e. user one connects & should only have connectivity to one
target IP within the LAN?

Janani Vasudevan [MSFT]
09-21-2006, 06:07 AM
You can do this by using 'Remote access policies'. Follow the steps below:

1) Create a user group, say "GRP1", and add the user for whom you want to
restrict access, say "User1", to this group. (We need to do this because we can
specify only user groups in the conditions of the remote access policy and
cannot specify the user itself.)
2) Now create a remote access policy with conditions saying "User group
matches 'GRP1'".
3) In the Profile of this remote access policy, in the IP tab under "IP
filters", select the inbound/outbound filters that you want to be applied for
this particular user group and hence user.

Let me know if you need more clarification.
--
Janani Vasudevan [MSFT]
Software Design Engineer/Test
RRAS, Windows Enterprise Networking

http://blogs.msdn.com/jananiv

RRAS blog: http://blogs.technet.com/rrasblog

[This posting is provided "AS IS" with no warranties, and confers no
rights.]
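
The three steps above, modelled as an added illustration (this is not RRAS code and not part of the original posts): a user is matched to a policy by group membership, and the matched profile's filter decides which LAN destinations the client can reach. The 192.168.1.10 target, the "User2" account, the catch-all policy and the first-match ordering shown here are assumptions of the model, which looks only at destination addresses.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class Policy:
    name: str
    group: Optional[str]  # condition: user group to match; None matches every user
    permit_dst: list = field(default_factory=list)  # permit list; empty = no IP filter

# Constructed sample data: membership and target address are assumptions.
MEMBERS = {"GRP1": {"User1"}}
POLICIES = [
    Policy("Restrict GRP1", "GRP1", [ip_network("192.168.1.10/32")]),
    Policy("Default VPN access", None),
]

def match_policy(user, policies=POLICIES):
    """Return the first policy whose group condition matches the user."""
    for policy in policies:
        if policy.group is None or user in MEMBERS.get(policy.group, set()):
            return policy
    return None  # no policy matched: the connection attempt is rejected

def client_may_reach(user, dst, policies=POLICIES):
    """True if a packet from this VPN user to dst passes the matched profile's filter."""
    policy = match_policy(user, policies)
    if policy is None:
        return False
    if not policy.permit_dst:
        return True  # the profile carries no IP filter, so nothing is dropped
    return any(ip_address(dst) in net for net in policy.permit_dst)

if __name__ == "__main__":
    checks = [("User1", "192.168.1.10"), ("User1", "192.168.1.20"),
              ("User2", "192.168.1.20")]
    for user, dst in checks:
        print(user, dst, "permit" if client_may_reach(user, dst) else "drop")
    # Ordering check: with the catch-all policy first, GRP1 is never matched.
    print("reordered:", client_may_reach("User1", "192.168.1.20", POLICIES[::-1]))
```

The last line shows the failure mode worth checking on a real server: if a broader policy matches the user before the GRP1 policy does, the restriction is never applied.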

Robert L [MVP - Networking]
09-21-2006, 02:46 PM
Janani,

Thank you for the tip.

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com