VPN access question

[Phil]

I have a customer connecting to our network through
windows 2000 server VPN. I would like to restrict their
access to only one server on the network, that is the only
one they need to connect to. I have active directory set
up. Is there a way to effectively restrict their account
to one server when connection through VPN? I appreciate
any replies, thank you.

Phil

 

[Sam Salhi [MSFT]]

The way to do this is through IP Filters
Craft a filter for this user that restricts his network access to one filter
only

 

[Steven Umbach]

You can control access to computers via the allow and deny access this computer
from the network in the appropriate security policy. Another way is to create a
group for that user, add him to the group and then create a remote access policy
for that group and in edit profile/ip - ip packet filters, configure the filters
to allow traffic for his connection to go to from only appropriate computers. Be
careful in ordering your remote access policies, as the first policy that
matches the user applies --- Steve

 

[Phil]

I was so close I figured it would be controlled in the
remote access policy. The IP filter worked great. When I
connect with the username/pwd for the customer I can only
ping the IP address of the machine they need connectivity
for. Thanks for the replies guys.
Phil