Remote Access Policies - Order is blocking for different access levels

[Tobias]

Hi guys,

I am new to RAS. I am looking for information on the following:

I am trying to set up access policies in a windows 2000 environment.
We are encrypted by hardware tokens and want our users to be able to access
from any IP address to our internal ip address.

When we are configuring the policies for Admins and special users they are
set up in an order;
- routing and remote access - vpn server - remote access policies.

The orders seems to be dependent of each other. If a user is not in the
group that has rights to access through order 1, then he cannot access the
ports that he is allowed to access in order 2. However we cannot grant
further rights than the ones configured in order 1.

Example:
Order 1 is configured to allow group A to connect any time of the week on
some ports (group A= admins)
Order 2 is configured to allow group B to connect any time of the week all
ports (group b=hand picked persons from admins group)

Our user from group B cannot access all if order 1 is at the top, but if
order 2 is on the top then the admins that are in group A but not in group B
cannot access at all.


How do we configure our policies to work independent of each other ?


Thanks in advance

 

[Dmitry Korolyov]

Follow the simple rule: RRAS will use only the first policy that user
matches.