Solved

Multiple NPS Clients Bound To Specific Network Policies

Posted on 2013-06-03
Last Modified: 2013-06-13
Hello,

I have a client that currently uses Windows 2008R2 Network Policy Server to authenticate VPN connections via RADIUS from a Cisco ASA Firewall.  The ASA is defined as a RADIUS client and there is one Network Policy that grants access if the user is a member of a Windows "VPN Access" group.  This works as advertised.

I am adding a RADIUS capable Cisco WAP to the environment.  I want to allow connection to the WAP in the same manner.  If the user is a member of a Windows "WAP Access" group, grant access.  I have added a second RADIUS client and a second Network Policy that specifies the WAP Access group.

The problem I've run into is not seeing a way to specify/bind the WAP network policy to only the WAP RADIUS client.  The VPN and WAP network policies have a processing order of 1 and 2 respectively.  The VPN Access group contains a small subset of all users only.  The WAP Access group contains most users.  So, in the current configuration, if a user tries to connect to VPN with their username/password pair and they aren't a member of the VPN Access group, it will fail out.  However, the Guest WAP policy would then allow the connection.  I need a way to bind a RADIUS client to one policy and one policy only.  I must be missing something obvious?

Thank you.
Question by:SafetyNet-TC
3 Comments

Accepted Solution

by:
cantoris earned 500 total points
ID: 39220399
On the policy for the wireless clients, try adding in an extra Condition - "NAS Port Type" and set it to Wireless 802.11 so that it doesn't apply to the VPN connections.

Author Comment

by:SafetyNet-TC
ID: 39245684
Of course.  Thank you.

Expert Comment

by:cantoris
ID: 39245691
Glad it worked for you :)
0
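
The effect of the accepted answer's extra condition, as an added example that is not part of the original thread and not NPS code: a simplified Python model of ordered policy matching, where the first policy whose conditions all match decides the request. The user names, group data and the assumption that the ASA reports NAS-Port-Type Virtual (5) for VPN sessions are constructed for illustration.

```python
# Simplified model of NPS network-policy evaluation (added example, not NPS code).
# Assumption: policies are tried in processing order and the first policy whose
# conditions ALL match decides the request; if none matches, access is denied.

NAS_PORT_TYPE_VIRTUAL = 5     # RFC 2865 "Virtual" (assumed value sent by the ASA)
NAS_PORT_TYPE_WIRELESS = 19   # RFC 2865 "Wireless - IEEE 802.11"

# Constructed directory data: group membership per user.
GROUPS = {
    "alice": {"VPN Access", "WAP Access"},
    "bob": {"WAP Access"},    # wireless only, must not be granted VPN
}

def matches(policy, request):
    """True when every condition configured on the policy is satisfied."""
    if policy["group"] not in GROUPS.get(request["user"], set()):
        return False
    wanted = policy.get("nas_port_type")   # None = condition not configured
    return wanted is None or wanted == request["nas_port_type"]

def evaluate(policies, request):
    """Return the name of the first matching policy, or None (access denied)."""
    for policy in sorted(policies, key=lambda p: p["order"]):
        if matches(policy, request):
            return policy["name"]
    return None

# Configuration described in the question: Windows group condition only.
BEFORE = [
    {"order": 1, "name": "VPN", "group": "VPN Access"},
    {"order": 2, "name": "WAP", "group": "WAP Access"},
]
# After the accepted answer: the WAP policy also requires a wireless port type.
AFTER = [
    {"order": 1, "name": "VPN", "group": "VPN Access"},
    {"order": 2, "name": "WAP", "group": "WAP Access",
     "nas_port_type": NAS_PORT_TYPE_WIRELESS},
]

def request(user, port_type):
    return {"user": user, "nas_port_type": port_type}

if __name__ == "__main__":
    for label, policies in (("before", BEFORE), ("after", AFTER)):
        for user in ("alice", "bob"):
            for kind, pt in (("vpn", NAS_PORT_TYPE_VIRTUAL),
                             ("wifi", NAS_PORT_TYPE_WIRELESS)):
                print(label, user, kind, evaluate(policies, request(user, pt)))
```

In this model the VPN policy still carries only the group condition, so a wireless request from a VPN Access member is matched by the VPN policy first; the fix depends on the access point actually sending NAS-Port-Type 19.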
