Solved

Internal vs external vpn

Posted on 2011-09-30
4
268 Views
Last Modified: 2012-06-27
We have a standard Windows 2003 vpn set up.   The firewall does port forwarding for vpn connections from the Internet to a dedicated  Win2003 rras.  We have only allowed remote access to the domain on a case by case basis, enabling Dial In on users domain accounts in AD.  We are using pptp to do this.

Now we have a situation where we want to allow numerous users to connect via vpn from inside by using the the vpn server's private local ip address using wireless laptops (which are secured through the wireless system) .   In testing, this works well and allows us to have staff log on to a laptop with a generic log on and then gain Windows authentication when they do the vpn connection.  

The issue is that we don't want to give staff Dial In rights from the Internet (and don't want to enable through each and every use account).   So far my solution is to set up a separate vpn server for the internal use.   Before doing that, I'm wondering if there is a way to set up a way for the one rras server to distiguish between the internal and external users even though they are coming in on the same private internal ip address?
0
Comment
Question by:Dgreenbaum
  • 2
4 Comments
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 36895982
For the internal user who are in Active Directory, you can set the dial-in properties on the Dial-in tab in the user account in Active Directory Users and Computers.

Refer this links:
http://technet.microsoft.com/en-us/library/cc738142(WS.10).aspx
http://technet.microsoft.com/en-us/library/cc995159.aspx
http://stackoverflow.com/questions/892958/how-can-i-get-the-active-directory-dialin-permission-setting-from-ldap-using-vbsc

0
 
LVL 69

Accepted Solution

by:
Qlemo earned 250 total points
ID: 36908794
No, you cannot differ between internal and external dial-in - for RRAS, it is the same. But maybe you can restrict the accounts used to login only from specific PCs.
0
 

Author Comment

by:Dgreenbaum
ID: 36911055
Thanks Qlemo.... I'm going to set up a second rras and work with Remote Access Policies to get the right people access to it.
0
 

Author Closing Comment

by:Dgreenbaum
ID: 36911074
he saw through my dilemma and gave a clear answer
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
RDP Sonicwall 8 85
Using VBScript. How to obtain the recomended paging file size? 8 53
SSIS with VPN COnnection 2 78
Enterprise Mode 4 30
For a while, I have wanted to connect my HTC Incredible to my corporate network to take advantage of the phone's powerful capabilities. I searched online and came up with varied answers from "it won't work" to super complicated statements that I did…
OpenVPN is a great open source VPN server that is capable of providing quick and easy VPN access to your network on the cheap.  By default the software is configured to allow open access to your network.  But what if you want to restrict users to on…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question