Internal vs external vpn
Posted on 2011-09-30
We have a standard Windows 2003 vpn set up. The firewall does port forwarding for vpn connections from the Internet to a dedicated Win2003 rras. We have only allowed remote access to the domain on a case by case basis, enabling Dial In on users domain accounts in AD. We are using pptp to do this.
Now we have a situation where we want to allow numerous users to connect via vpn from inside by using the the vpn server's private local ip address using wireless laptops (which are secured through the wireless system) . In testing, this works well and allows us to have staff log on to a laptop with a generic log on and then gain Windows authentication when they do the vpn connection.
The issue is that we don't want to give staff Dial In rights from the Internet (and don't want to enable through each and every use account). So far my solution is to set up a separate vpn server for the internal use. Before doing that, I'm wondering if there is a way to set up a way for the one rras server to distiguish between the internal and external users even though they are coming in on the same private internal ip address?