I have an ISA 2004 server that we use for Proxy, Firewall and VPN. We use IAS (RADIUS) to authenticate VPN clients as the ISA is not a member of the Corporate Domain.
It's all pretty straightforward and it works well.
However, our telephone engineers want VPN access to the telephone system, which is on a different subnet. I have set up a router between the two subnets (corporate and telephone sys), added the telephone system subnet into the internal network in the ISA Manager and set up a persistent route on the ISA box pointing to the router for that subnet. Therefore, providing the VPN client side has set "use VPN gateway" at their side then all is well - VPN users can access the new subnet.
However, is there an easy way to block/restrict a VPN user to a particular server IP? You'll probably realise where I am going with this. I don't want them to be able to access any open shares or servers on the corporate network. By default they are in the "Domain Users" group.
I could go through the security in AD, but that might be a hassle and take time.
Anyone have theories on how to EASILY achieve this?