Different IAS client policy for different IAS clients

[Ash Dey]

Hi,

Does anyone one know whether it is possible to apply two
different policies to two different IAS cilents from the
same IAS server? Is there any way to establish a link
between policies and the the sepcific IAS clients?

I beleive, by default all the policies defined in an IAS
server is automacially applied to the all the IAS clients
defined. Is there any exception to it?

I can achieve this by installing two IAS server, however
is it possible to achieve the same result with only one
IAS server?

Ash

 

[Wajihy [MSFT]]

you can do this just on one IAS server, by basing the remote access policy
either on windowsgroup, client station ID, or client IP ( which are
conditions)
thanks

 

[Herb Martin]

Does anyone one know whether it is possible to apply two

you can do this just on one IAS server, by basing the remote access policy
either on windowsgroup, client station ID, or client IP ( which are
conditions)

I understand the question differently -- the IAS or RADIUS "client" is the
"access point", RRAS server, or RADIUS proxy if you use one, which queries
IAS. It is not the "dial or VPN (user) client machine."

But either way it is possible using IAS-RADIUS.

For RADIUS clients there are match criteria for Client "Friendly name",
IP address, even vendor (different settings for CISCO than for MS RRAS.)

There are also specific settings for the network access server (probably
most useful when the "client" is the Proxy).

BUT if you mean the "dial or VPN" client then these can select the
policy/profile
set by User Group, or (if you have ANI) calling phone number.

There are other settings for date/time, protocol and tunnel types, etc.

What seems to be missing is any specific reference to the "client user's
machine" (as
opposed to the users themselves.)