• Status: Solved

VPN restrict access to certain IP address

Hi,

We have a Microsoft PPTP VPN using RAS in a Windows 2003 Server Active Directory environment.  My question is this:

We would like to restrict access to certain IP addresses by user/group using GPO. I assume this can be done, but we are struggling to find where this setting is kept within the Group Policy.

We have set up a user that belongs to a group within a specific OU so we can apply a GP to that particular OU.

Thanks in advance for any help offered

Regards

Rob
Asked:
wayfarer1210
Jay_Jay70 Commented:
Hi wayfarer1210,

Group policy will not allow you to block access to an IP address. I think you will need to outline what you are trying to achieve a little more :)

Cheers!
 
wayfarer1210 (Author) Commented:
Hi,

We do not want to block access to IP addresses; we would like to allow access to certain IP addresses only, which in turn blocks access to any other IP address on our network.  OK, this is the situation in full:

We have a support company who will be supporting two servers remotely. When they log in via VPN, we would like to restrict their access to only the two IP addresses of those servers.

Hopefully that will give you a better idea as to what we are trying to achieve?

Regards

Rob
 
Jay_Jay70 Commented:
Hmm, I think you will need to be looking at products such as ISA to implement this level of security, as GP won't offer you this
http://www.microsoft.com/isaserver/default.mspx
adamdrayer Commented:
Actually you should be able to restrict users and IP addresses in the Routing And Remote Access section of the Server.  Go to Administrative Tools and then RRAS (Routing and Remote Access).  Next go to the Remote Access Policies, and find the policies that match the conditions your support company will be logging in as.  Right-click and go to Properties.  You should see a button that says "Edit Profile" or something similar.  Click that and go to the IP tab.  You should be able to set up filters that way.

Be careful when fooling around with RRAS security policies.  They are, IMHO, by far more complicated than GPO and NTFS permissions put together.  
 
pseudocyber Commented:
We did this recently on a Nortel VPN by enabling split tunneling.  Then we defined the "networks" which were allowed in the tunnel to the IP address in question with a host mask.  For instance:

192.168.1.100 255.255.255.255 would be a "network" (host) allowed into the tunnel.

Works great as long as the same IP doesn't exist on the other side of the VPN.
0
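Added example (not part of the thread, and not RRAS or Nortel code): a Python model of the allow-only filtering the two replies above describe. It checks a destination against host-mask entries, flags entries wider than a single host, and detects the overlap case pseudocyber mentions. The second server address and the client LAN are constructed sample values.

```python
import ipaddress


def parse_filter(addr, mask):
    """Parse an 'address mask' pair such as 192.168.1.100 255.255.255.255.

    strict=True raises ValueError when host bits are set, which catches a
    host address typed with a subnet mask (e.g. .100 with 255.255.255.0).
    """
    return ipaddress.ip_network(f"{addr}/{mask}", strict=True)


def is_permitted(dest, allowed):
    """Default deny: a destination passes only if an allowed entry contains it."""
    ip = ipaddress.ip_address(dest)
    return any(ip in net for net in allowed)


def too_wide(allowed, max_hosts=1):
    """Return entries covering more addresses than intended for a host-only list."""
    return [net for net in allowed if net.num_addresses > max_hosts]


def client_side_conflicts(allowed, client_lans):
    """Return (tunnel entry, client LAN) pairs that overlap.

    With split tunneling, an overlap means the same address exists on the
    remote user's side, so traffic to it may never enter the tunnel.
    """
    return [(a, c) for a in allowed for c in client_lans if a.overlaps(c)]


# Constructed sample data: .100 is the address used in the thread,
# .101 and the client LAN are made up for illustration.
ALLOWED = [
    parse_filter("192.168.1.100", "255.255.255.255"),
    parse_filter("192.168.1.101", "255.255.255.255"),
]
CLIENT_LANS = [ipaddress.ip_network("192.168.1.0/24")]

if __name__ == "__main__":
    for dest in ("192.168.1.100", "192.168.1.101", "192.168.1.50", "10.0.0.5"):
        print(dest, "permit" if is_permitted(dest, ALLOWED) else "deny")
    print("entries wider than one host:", too_wide(ALLOWED))
    for entry, lan in client_side_conflicts(ALLOWED, CLIENT_LANS):
        print(f"conflict: {entry} also falls inside client LAN {lan}")
```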
 
wayfarer1210 (Author) Commented:
Thanks for all the help guys
 
adamdrayer Commented:
Glad I could help.  Hope everything works out.