We recently invested in a Cisco SSL VPN solution and are doing away with our MS RAS VPN solution. We want to keep it active, but just for a limited group of people. We have a Server 2003/2008 Active Directory infrastructure. RAS is running on 2003. I removed and reinstalled the RAS feature, and in Remote Access Policies, I restricted it to the following under 'Connections to Microsoft Routing and Remote Access server':
MS-RAS-Vendor matches "^311$" AND
Windows-Groups matches "MYDOMAIN\RAS Access"
At the bottom, where it says 'If a connection request matches the specified conditions:', Grant remote access permission is selected.
The issue is that some people who aren't a member of the RAS Access group are able to connect to RAS! I've looked everywhere and I don't see any issues with the configuration...can anyone point me in the right direction or give me some things to check? It's driving me crazy!!