Solved

Multiple NPS Clients Bound To Specific Network Policies

Posted on 2013-06-03
Last Modified: 2013-06-13
Hello,

I have a client that currently uses Windows 2008R2 Network Policy Server to authenticate VPN connections via RADIUS from a Cisco ASA Firewall.  The ASA is defined as a RADIUS client and there is one Network Policy that grants access if the user is a member of a Windows "VPN Access" group.  This works as advertised.

I am adding a RADIUS capable Cisco WAP to the environment.  I want to allow connection to the WAP in the same manner.  If the user is a member of a Windows "WAP Access" group, grant access.  I have added a second RADIUS client and a second Network Policy that specifies the WAP Access group.

The problem I've run into is not seeing a way to specify/bind the WAP network policy to only the WAP RADIUS client.  The VPN and WAP network policies have a processing order of 1 and 2 respectively.  The VPN Access group contains a small subset of all users only.  The WAP Access group contains most users.  So, in the current configuration, if a user tries to connect to VPN with their username/password pair and they aren't a member of the VPN Access group, it will fail out.  However, the Guest WAP policy would then allow the connection.  I need a way to bind a RADIUS client to one policy and one policy only.  I must be missing something obvious?

Thank you.
Question by:SafetyNet-TC
3 Comments
 

Accepted Solution

by:cantoris earned 2000 total points
ID: 39220399
On the policy for the wireless clients, try adding in an extra Condition - "NAS Port Type" and set it to Wireless 802.11 so that it doesn't apply to the VPN connections.
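
A simplified model of the policy matching discussed in this thread, added here as an example (not part of the original posts and not NPS code): policies are checked in processing order and the first one whose conditions all match decides the request. It assumes the ASA sends NAS-Port-Type Virtual (5) and the WAP sends Wireless - IEEE 802.11 (19); the users and requests are constructed.

```python
from dataclasses import dataclass
from typing import Optional

# NAS-Port-Type attribute values (RFC 2865)
VIRTUAL = 5           # assumed to be what the ASA sends for VPN logons
WIRELESS_80211 = 19   # "Wireless - IEEE 802.11"

@dataclass
class Policy:
    name: str
    order: int
    group: str                           # required Windows group
    nas_port_type: Optional[int] = None  # None = condition not configured

    def matches(self, req: dict) -> bool:
        # Every configured condition must match for the policy to apply.
        if self.group not in req["groups"]:
            return False
        return self.nas_port_type in (None, req.get("nas_port_type"))

def evaluate(policies, req) -> Optional[str]:
    """Name of the first matching policy by processing order, or None (reject)."""
    for p in sorted(policies, key=lambda p: p.order):
        if p.matches(req):
            return p.name
    return None

def policies_before():
    # Configuration from the question: both policies test group membership only.
    return [Policy("VPN", 1, "VPN Access"), Policy("WAP", 2, "WAP Access")]

def policies_after():
    # Accepted answer: the WAP policy also requires NAS Port Type = Wireless 802.11.
    return [Policy("VPN", 1, "VPN Access"),
            Policy("WAP", 2, "WAP Access", nas_port_type=WIRELESS_80211)]

# Constructed requests: bob is in "WAP Access" only.
BOB_VIA_VPN = {"user": "bob", "groups": {"WAP Access"}, "nas_port_type": VIRTUAL}
BOB_VIA_WAP = {"user": "bob", "groups": {"WAP Access"}, "nas_port_type": WIRELESS_80211}
ALICE_VIA_VPN = {"user": "alice", "groups": {"VPN Access", "WAP Access"},
                 "nas_port_type": VIRTUAL}

if __name__ == "__main__":
    for label, pols in (("before", policies_before()), ("after", policies_after())):
        for req in (BOB_VIA_VPN, BOB_VIA_WAP, ALICE_VIA_VPN):
            print(label, req["user"], req["nas_port_type"], "->", evaluate(pols, req))
```

The condition only helps if the access point actually includes NAS-Port-Type in its Access-Request; the NPS event log entry for a wireless logon shows the value received.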

Author Comment

by:SafetyNet-TC
ID: 39245684
Of course.  Thank you.

Expert Comment

by:cantoris
ID: 39245691
Glad it worked for you :)
Question has a verified solution.
