Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Vpn client authorization
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
Vpn client authorization - 1.Jul.2008 12:42:11 PM
|
|
|
naj
Posts: 18
Joined: 30.Apr.2008
Status: offline
|
HI
I have my vpn clients connecting through my ISA server ,Iam using AD and allowing users through AD users and computers dial in tap and I would like to just allow users through my VPN groups in ISA server How can I make use of remote access policy or any other mains
thank you
|
|
|
|
|
RE: Vpn client authorization - 2.Jul.2008 1:53:16 AM
|
|
|
naj
Posts: 18
Joined: 30.Apr.2008
Status: offline
|
Hi tareq
sorry may be I was not clear but what I wanted to say is
how can I make use of remote access policy on my ISA to override the setting in the AD setting in the dile in tap , hence allow only the selected users in the remote access policy (even the other users have dile in tap enable they should not be able to access the VPN)
as if now all my users who have dile in tap enabled could access my vpn how can i
prevent them
thanks
|
|
|
|
|
RE: Vpn client authorization - 2.Jul.2008 4:32:59 AM
|
|
|
justmee
Posts: 503
Joined: 14.May2007
Status: offline
|
Hi Naj,
You can add on ISA in the Configure VPN Client Access/Groups tab a domain global group which is permitted to dial-in(doing so you modify ISA's default remote policy on RAS).
However, you need your users to have their dial-in permission set to Control access through Remote Access Policy. So you can use group-based allowed access for dial-in.
The setting per user account overrides the permissions set on the remote access policy. If individual access permissions are specified in the user's profile(such as allow or deny), they will "nulify" the remote access policy.
Regards,
J
|
|
|
|
|
RE: Vpn client authorization - 3.Jul.2008 5:11:43 AM
|
|
|
naj
Posts: 18
Joined: 30.Apr.2008
Status: offline
|
Hi J
If I have users diling in using modems to the ras (not vpn) and have vpn users
I set my modem dile in users in the AD (dile in tap) allow dile in and VPN users through remote access policy I found out that my dile in users can also access my VPN is there any way out of this pls
thanks
|
|
|
|
|
RE: Vpn client authorization - 3.Jul.2008 10:10:32 AM
|
|
|
justmee
Posts: 503
Joined: 14.May2007
Status: offline
|
Hi Naj,
Why don't you set your users' Dial-in permissions to Control access through Remote Access Policy?
Configure a remote access policy for your dial-up users. On ISA you will have one for your VPN users.
As far as I know, if your users' permissions are set to Allow, there is nothing you can do with the remote access policy to block them.
This script may help you find out what users still have the permissions set to Allow:
Hey, Scripting Guy! How Can I Find All the Users with Remote Access Permissions?
http://www.microsoft.com/technet/scriptcenter/resources/qanda/aug05/hey0825.mspx
Regards,
J
|
|
|
|
|
RE: Vpn client authorization - 3.Jul.2008 10:19:09 AM
|
|
|
elmajdal
Posts: 5040
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
|
and even if your users dial in into ISA Server, they will need to have rules configured on ISA Server in order to be able to communicate with any resource on your Network.
_____________________________
Tarek Majdalani
MS Forefront Edge Security MVP
Website : http://www.elmajdal.net/ISAServer
New Section : http://www.elmajdal.net/Win2k8
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
