• Status: Solved

VPN restrict access to certain IP address

Hi,

We have a Microsoft PPTP VPN using RAS in a Windows 2003 Server Active Directory environment.  My question is this:

We would like to restrict access to certain IP addresses by user/group using GPO. I assume this can be done, but we are struggling to find where this setting is kept within the Group Policy.

We have set up a user that belongs to a group within a specific OU so we can apply a GP to that particular OU.

Thanks in advance for any help offered

Regards

Rob
Asked by: wayfarer1210
 
Jay_Jay70 Commented:
Hi wayfarer1210,

Group Policy will not allow you to block access to an IP address. I think you will need to outline what you are trying to achieve a little more :)

Cheers!
 
wayfarer1210 (Author) Commented:
Hi,

We do not want to block access to IP addresses; we would like to allow access to certain IP addresses only, which in turn blocks access to any other IP address on our network. OK, this is the situation in full:

We have a support company who will be supporting two servers remotely. When they log in via VPN, we would like to restrict their access to only the two IP addresses of those servers.

Hopefully that will give you a better idea as to what we are trying to achieve?

Regards

Rob
 
Jay_Jay70 Commented:
Hmm, I think you will need to be looking at products such as ISA to implement this level of security, as GP won't offer you this:
http://www.microsoft.com/isaserver/default.mspx
 
adamdrayer Commented:
Actually, you should be able to restrict users and IP addresses in the Routing and Remote Access section of the server. Go to Administrative Tools and then RRAS (Routing and Remote Access). Next, go to the Remote Access Policies and find the policies that match the conditions your support company will be logging in as. Right-click and go to Properties. You should see a button that says "Edit Profile" or something similar. Click that and go to the IP tab. You should be able to set up filters that way.

Be careful when fooling around with RRAS security policies.  They are, IMHO, by far more complicated than GPO and NTFS permissions put together.  
 
pseudocyber Commented:
We did this recently on a Nortel VPN by enabling split tunneling.  Then we defined the "networks" which were allowed in the tunnel to the IP address in question with a host mask.  For instance:

192.168.1.100 255.255.255.255 would be a "network" (host) allowed into the tunnel.

Works great as long as the same IP doesn't exist on the other side of the VPN.
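An added example, not part of any post in this thread: a small Python check of an allow-list written as address/mask pairs, like the host-mask entry above. It treats any unmatched destination as denied, which assumes the filter set is configured to permit only the listed traffic; 192.168.1.101, the wide-mask entry and all function names are constructed for illustration.

```python
import ipaddress

def to_network(address, mask):
    """Build a network from an 'address mask' pair.
    strict=False so a wide mask on a host address is reported, not rejected."""
    return ipaddress.ip_network(f"{address}/{mask}", strict=False)

def is_permitted(destination, allow_list):
    """Default deny: a destination passes only if some entry contains it."""
    dest = ipaddress.ip_address(destination)
    return any(dest in to_network(a, m) for a, m in allow_list)

def audit(allow_list, intended_hosts):
    """Compare the allow-list with the hosts the remote users should reach.
    Returns a list of findings; an empty list means the two match exactly."""
    intended = [ipaddress.ip_address(h) for h in intended_hosts]
    findings = []
    for a, m in allow_list:
        net = to_network(a, m)
        # Every address the entry admits beyond the intended hosts is exposure.
        extra = net.num_addresses - sum(1 for h in intended if h in net)
        if extra:
            findings.append(f"{a} {m} admits {extra} unintended address(es) in {net}")
    for h in intended:
        if not is_permitted(str(h), allow_list):
            findings.append(f"{h} is intended but not reachable")
    return findings

# Constructed sample data: two supported servers, each with a host mask.
INTENDED = ["192.168.1.100", "192.168.1.101"]
GOOD = [("192.168.1.100", "255.255.255.255"),
        ("192.168.1.101", "255.255.255.255")]
# Constructed mistake: a subnet mask typed where a host mask was meant.
BAD = [("192.168.1.100", "255.255.255.0")]

if __name__ == "__main__":
    for name, rules in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit(rules, INTENDED) or "matches intended hosts")
```

Running the audit against the list actually entered in the profile, before the support company connects, catches a mask typo that would otherwise open the whole subnet.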
 
wayfarer1210 (Author) Commented:
Thanks for all the help guys
 
adamdrayer Commented:
Glad I could help.  Hope everything works out.
Question has a verified solution.