Multiple NPS Clients Bound To Specific Network Policies

Posted on 2013-06-03
Last Modified: 2013-06-13
Hello,

I have a client that currently uses Windows 2008R2 Network Policy Server to authenticate VPN connections via RADIUS from a Cisco ASA Firewall.  The ASA is defined as a RADIUS client and there is one Network Policy that grants access if the user is a member of a Windows "VPN Access" group.  This works as advertised.

I am adding a RADIUS capable Cisco WAP to the environment.  I want to allow connection to the WAP in the same manner.  If the user is a member of a Windows "WAP Access" group, grant access.  I have added a second RADIUS client and a second Network Policy that specifies the WAP Access group.

The problem I've run into is not seeing a way to specify/bind the WAP network policy to only the WAP RADIUS client.  The VPN and WAP network policies have a processing order of 1 and 2 respectively.  The VPN Access group contains a small subset of all users only.  The WAP Access group contains most users.  So, in the current configuration, if a user tries to connect to VPN with their username/password pair and they aren't a member of the VPN Access group, it will fail out.  However, the Guest WAP policy would then allow the connection.  I need a way to bind a RADIUS client to one policy and one policy only.  I must be missing something obvious?

Thank you.
Question by:SafetyNet-TC

Accepted Solution

by:
cantoris earned 500 total points
ID: 39220399
On the policy for the wireless clients, try adding in an extra Condition - "NAS Port Type" and set it to Wireless 802.11 so that it doesn't apply to the VPN connections.

Author Comment

by:SafetyNet-TC
ID: 39245684
Of course.  Thank you.

Expert Comment

by:cantoris
ID: 39245691
Glad it worked for you :)
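
Added example (not part of the original thread): a simplified Python model of NPS choosing the first network policy, in processing order, whose conditions all match. It reproduces the fall-through described in the question and the effect of the NAS Port Type condition from the accepted solution. The policy and request objects are constructed, every policy is assumed to grant access, and the VPN device is assumed to report NAS-Port-Type Virtual (5).

```python
from dataclasses import dataclass
from typing import Optional

# NAS-Port-Type values defined for RADIUS (RFC 2865).
VIRTUAL = 5           # assumption: what the VPN device sends
WIRELESS_80211 = 19   # "Wireless - IEEE 802.11"

@dataclass(frozen=True)
class Request:
    groups: frozenset        # Windows groups of the authenticating user
    nas_port_type: int

@dataclass(frozen=True)
class Policy:                # simplified: every policy here grants access
    name: str
    order: int
    group: str                           # Windows Groups condition
    nas_port_type: Optional[int] = None  # None: condition not configured

    def matches(self, req: Request) -> bool:
        if self.group not in req.groups:
            return False
        return self.nas_port_type in (None, req.nas_port_type)

def evaluate(policies, req):
    """Name of the first policy, by processing order, whose conditions all match."""
    for p in sorted(policies, key=lambda p: p.order):
        if p.matches(req):
            return p.name
    return None  # no policy matched: the request is rejected

def unscoped(policies):
    """Policies with no NAS Port Type condition, so any RADIUS client can hit them."""
    return [p.name for p in policies if p.nas_port_type is None]

# Constructed policy sets: as in the question, then with the accepted fix applied.
BEFORE = [Policy("VPN", 1, "VPN Access"), Policy("WAP", 2, "WAP Access")]
AFTER = [Policy("VPN", 1, "VPN Access"),
         Policy("WAP", 2, "WAP Access", WIRELESS_80211)]

# Constructed requests.
wap_user_on_vpn = Request(frozenset({"WAP Access"}), VIRTUAL)
wap_user_on_wifi = Request(frozenset({"WAP Access"}), WIRELESS_80211)
vpn_user_on_wifi = Request(frozenset({"VPN Access"}), WIRELESS_80211)

if __name__ == "__main__":
    print("before:", evaluate(BEFORE, wap_user_on_vpn))
    print("after: ", evaluate(AFTER, wap_user_on_vpn))
    print("still unscoped:", unscoped(AFTER))
```

In this model the VPN policy stays unscoped after the fix, so a member of "VPN Access" alone would still match it from the wireless side; giving it its own NAS Port Type condition closes that path.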