• Status: Solved

Cisco IOS Remote Access VPN Restricting Traffic

Hi Experts,
I want to have multiple remote access VPN configurations.
One will be used for internal employees, one for contractors.
Both use a Windows 2008 NAP/RADIUS profile.
The internal employees get access to the entire subnet.
The contractors get access to one server.
How do I configure the IOS firewall with two profiles to do this? I have done it before with ASA. There are no articles I can find, or are there?
I'm using a crypto isakmp client configuration group xxxxx and applying it to the outside interface. I'm also using split-tunneling...
I don't want to have to paste the config, so if you can lend me an example or link to exactly this config it would be appreciated.
Thanks in advance.
Joesmail
 
John Meggers, Network Architect, commented:
I think what you're trying to do requires RADIUS on the back end to authenticate the user and put them into a particular group.  Take a look at http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800949ba.shtml and see if it helps.  By using ACS you can assign the user to a group and apply an ACL on what they're allowed to access.
 
gregorylindsay commented:
Within NAP VPN enforcement you have the ability to restrict access by creating custom policies on NPS. This is done either with IP filters or using a remediation servers group.
http://technet.microsoft.com/en-us/library/dd314145(WS.10).aspx
Question has a verified solution.
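
An IOS configuration fragment for the two-group setup discussed in this thread, added here as an example and not posted by any participant. It shows one client configuration group per user class, each with its own address pool and split-tunnel ACL, plus a router-side ACL that does the actual restriction. Group names, pool ranges, ACL names, the 10.10.0.0/16 internal subnet, the server 10.10.1.20, the crypto map name VPNMAP and the inside interface are all assumptions, and the existing crypto map, transform set and RADIUS server definition are assumed to be in place already.

```cisco
! Constructed example: every name, address and interface below is an assumption.
aaa new-model
! Xauth user logins are checked against RADIUS (NPS in the question).
aaa authentication login VPN-XAUTH group radius
! Group attributes (pool, split-tunnel ACL) are read from the router itself.
aaa authorization network VPN-GROUPS local
!
! Separate pools so each class of user has a recognisable source range.
ip local pool EMP-POOL 192.168.100.1 192.168.100.50
ip local pool CTR-POOL 192.168.101.1 192.168.101.50
!
! Split-tunnel ACLs only tell the client which destinations to send
! through the tunnel. They are not an access control on the router.
ip access-list extended EMP-SPLIT
 permit ip 10.10.0.0 0.0.255.255 any
ip access-list extended CTR-SPLIT
 permit ip host 10.10.1.20 any
!
crypto isakmp client configuration group EMPLOYEES
 key <employee-group-key-placeholder>
 pool EMP-POOL
 acl EMP-SPLIT
crypto isakmp client configuration group CONTRACTORS
 key <contractor-group-key-placeholder>
 pool CTR-POOL
 acl CTR-SPLIT
!
crypto map VPNMAP client authentication list VPN-XAUTH
crypto map VPNMAP isakmp authorization list VPN-GROUPS
crypto map VPNMAP client configuration address respond
!
! Enforcement: decrypted traffic from the contractor pool may reach only
! the one server; everything else from that pool is dropped and logged.
ip access-list extended INSIDE-OUT
 permit ip 192.168.101.0 0.0.0.255 host 10.10.1.20
 deny   ip 192.168.101.0 0.0.0.255 any log
 permit ip any any
!
interface GigabitEthernet0/1
 description Inside LAN (assumed interface)
 ip access-group INSIDE-OUT out
```

With local group authorization, the group a user lands in depends on which group name and key the client profile carries, so a contractor who obtains the employee group key is not stopped by this fragment alone. Tying each user to a group on the RADIUS side, as the first answer suggests, closes that gap.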
