How do I limit IP addresses on VPN using Windows 2008 NPS?

Last Modified: 2012-05-11
So I'll try to get all the information in here.

Hardware:
Cisco ASA ver.8.2 - ASDM 6.3
Windows 2008 Server running NPS and AD

Currently I've set up a Connection Profile on the ASA using RADIUS to authenticate to the NPS/AD server. Everything is working as planned as an admin, but what I'm trying to accomplish is limiting the IP addresses / servers that some users can hit.

On the RADIUS server I have 2 profiles: Admin and Staff

The Admin profile (#1) connection condition is
ClientFriendlyName = Radius Client, NAS Port Type = VPN, and Windows Group is VPNAdmin
I have my testadmin in this group and when I log in I have access to everything.

The Staff profile (#2) connection condition is
ClientFriendlyName = Radius Client, NAS Port Type = VPN and Windows Group is VPNStaff.
I also tried using the IP Filter and put in the internal IPs I want the user to hit.
The test user I log in with can access everything, even IPs outside the filter list.

I have set the AD accounts' Dial-In tab to use NPS policies.

So my question is:

How do I get the VPN profile to recognize the IP filters, or am I handling the IP filtering correctly? Or is the internal IP address handling on the ASA?

Thanks in advance and let me know if more information is needed. I'm new to the NPS world.