How to setup even more restricted permissions for VPN users on 2K RRAS

[Barry]

I have a 2K RRAS server setup so some clients can VPN into our intranet and
do what they need to do. Is there any way to setup better access rules so a
client that may only need access to one or two boxes doesn't necessarily
have free access to all of our servers? Yes, I know they would still need
to authenticate, but I don't like them even getting that far.

Thank you in advance,

Barry

 

[Herb Martin]

IPSec can help with this -- IPSec can do three things by a rule:
negotiate actual IPSec, PASS or BLOCK.

Block can be used as a "better filter" to allow/deny certain protocols
to/from certain address ranges.

 

[Wajihy [MSFT]]

yes on the remote access policy that will authenticate them you can add Ip
filters to allow them only to specific resources.

 

[Barry]

Perfect, thank you.

yes on the remote access policy that will authenticate them you can add Ip
filters to allow them only to specific resources.