Hi Expert
I have a Cisco ASA box. I've configured Cisco Remote Access VPN using IAS (Windows Server 2003 R2). It has been working very well for a year. For a long time, with the domain user account assigned to the "VPN Authentication" security group, users just install the Cisco VPN Client and import my PCF, and they can connect to the VPN.
Recently, I've configured Cisco Cut-Through Proxy on this Cisco ASA box using IAS. I created a security group, "Internet Authentication", and assigned some users to this group. Users get an authentication prompt when they go to the first website (e.g. www.google.com). Users type their own domain username and password, are authenticated successfully, and go on to the web.
However, users who have only the "Internet Authentication" security group are able to connect to the Cisco VPN, because I purposely installed the Cisco VPN Client and imported the pcf file.
I wonder what I should add to the Remote Access Policy of IAS so that a user with "Internet Authentication" but without "VPN Authentication" assigned is only allowed to access the Internet but not the VPN. Similarly, a remote user assigned only "VPN Authentication" without "Internet Authentication" can only access the VPN without Internet access.
Your help is very much appreciated.