wayfarer1210
asked on
VPN restrict access to certain IP address
Hi,
We have a Microsoft PPTP VPN using RAS in a Windows 2003 Server Active Directory environment. My question is this:
We would like to restrict access to certain IP address by user/group using GPO I assume this can be done but we are struggling to find where this setting is kept within the Group Policy.
We have set up a user that belongs to a group within a specific OU so we can apply a GP to that particular OU.
Thanks in advance for any help offered
Regards
Rob
We have a Microsoft PPTP VPN using RAS in a Windows 2003 Server Active Directory environment. My question is this:
We would like to restrict access to certain IP address by user/group using GPO I assume this can be done but we are struggling to find where this setting is kept within the Group Policy.
We have set up a user that belongs to a group within a specific OU so we can apply a GP to that particular OU.
Thanks in advance for any help offered
Regards
Rob
ASKER
Hi,
We do not want to block access to IP addresses we would like to allow access to certain IP addresses only which in turn blocks access to any other IP address on our network. OK this is the situation in full:
We have a support company who will be supporting two servers remotely, when they log in via VPN we would like to restrict their access to only the two IP addresses of those servers.
Hopefully that will give you a better idea as to what we are trying to acheive?
Regards
Rob
We do not want to block access to IP addresses we would like to allow access to certain IP addresses only which in turn blocks access to any other IP address on our network. OK this is the situation in full:
We have a support company who will be supporting two servers remotely, when they log in via VPN we would like to restrict their access to only the two IP addresses of those servers.
Hopefully that will give you a better idea as to what we are trying to acheive?
Regards
Rob
hmm i think you will need to be looking at products such as ISA to implement this level of security as GP wont offer you this
http://www.microsoft.com/isaserver/default.mspx
http://www.microsoft.com/isaserver/default.mspx
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
We did this recently on a Nortel VPN by enabling split tunneling. Then we defined the "networks" which were allowed in the tunnel to the IP address in question with a host mask. For instance:
192.168.1.100 255.255.255.255 would be a "network" (host) allowed into the tunnel.
Works great as long as the same IP doesn't exist on the other side of the VPN.
192.168.1.100 255.255.255.255 would be a "network" (host) allowed into the tunnel.
Works great as long as the same IP doesn't exist on the other side of the VPN.
ASKER
Thanks for all the help guys
Glad I could help. Hope everything works out.
group policy will not allow you to block access to an IP address i think you will need to outline what you are trying to acheive a little more :)
Cheers!