Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 301
  • Last Modified:

Internal vs external vpn

We have a standard Windows 2003 vpn set up.   The firewall does port forwarding for vpn connections from the Internet to a dedicated  Win2003 rras.  We have only allowed remote access to the domain on a case by case basis, enabling Dial In on users domain accounts in AD.  We are using pptp to do this.

Now we have a situation where we want to allow numerous users to connect via vpn from inside by using the the vpn server's private local ip address using wireless laptops (which are secured through the wireless system) .   In testing, this works well and allows us to have staff log on to a laptop with a generic log on and then gain Windows authentication when they do the vpn connection.  

The issue is that we don't want to give staff Dial In rights from the Internet (and don't want to enable through each and every use account).   So far my solution is to set up a separate vpn server for the internal use.   Before doing that, I'm wondering if there is a way to set up a way for the one rras server to distiguish between the internal and external users even though they are coming in on the same private internal ip address?
0
Dgreenbaum
Asked:
Dgreenbaum
  • 2
1 Solution
 
SandeshdubeyCommented:
For the internal user who are in Active Directory, you can set the dial-in properties on the Dial-in tab in the user account in Active Directory Users and Computers.

Refer this links:
http://technet.microsoft.com/en-us/library/cc738142(WS.10).aspx
http://technet.microsoft.com/en-us/library/cc995159.aspx
http://stackoverflow.com/questions/892958/how-can-i-get-the-active-directory-dialin-permission-setting-from-ldap-using-vbsc

0
 
QlemoC++ DeveloperCommented:
No, you cannot differ between internal and external dial-in - for RRAS, it is the same. But maybe you can restrict the accounts used to login only from specific PCs.
0
 
DgreenbaumAuthor Commented:
Thanks Qlemo.... I'm going to set up a second rras and work with Remote Access Policies to get the right people access to it.
0
 
DgreenbaumAuthor Commented:
he saw through my dilemma and gave a clear answer
0

Featured Post

Lessons on Wi-Fi & Recommendations on KRACK

Simplicity and security can be a difficult  balance for any business to tackle. Join us on December 6th for a look at your company's biggest security gap. We will also address the most recent attack, "KRACK" and provide recommendations on how to secure your Wi-Fi network today!

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now