Solved

Multiple NPS Clients Bound To Specific Network Policies

Posted on 2013-06-03
Last Modified: 2013-06-13
Hello,

I have a client that currently uses Windows 2008R2 Network Policy Server to authenticate VPN connections via RADIUS from a Cisco ASA Firewall.  The ASA is defined as a RADIUS client and there is one Network Policy that grants access if the user is a member of a Windows "VPN Access" group.  This works as advertised.

I am adding a RADIUS capable Cisco WAP to the environment.  I want to allow connection to the WAP in the same manner.  If the user is a member of a Windows "WAP Access" group, grant access.  I have added a second RADIUS client and a second Network Policy that specifies the WAP Access group.

The problem I've run into is not seeing a way to specify/bind the WAP network policy to only the WAP RADIUS client.  The VPN and WAP network policies have a processing order of 1 and 2 respectively.  The VPN Access group contains a small subset of all users only.  The WAP Access group contains most users.  So, in the current configuration, if a user tries to connect to VPN with their username/password pair and they aren't a member of the VPN Access group, it will fail out.  However, the Guest WAP policy would then allow the connection.  I need a way to bind a RADIUS client to one policy and one policy only.  I must be missing something obvious?

Thank you.
Question by:SafetyNet-TC
Accepted Solution

by:
cantoris earned 500 total points
ID: 39220399
On the policy for the wireless clients, try adding in an extra Condition - "NAS Port Type" and set it to Wireless 802.11 so that it doesn't apply to the VPN connections.
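
Added example (not part of the original answer, and not NPS code): a simplified Python model of ordered network-policy evaluation, showing why the question's configuration lets a "WAP Access" member in through the VPN and how the extra NAS Port Type condition stops it. The user names, group contents and the assumption that the ASA sends NAS-Port-Type 5 (Virtual) are constructed for illustration; 19 is the RADIUS value for Wireless - IEEE 802.11.

```python
# Simplified model of NPS network-policy evaluation (added example, not NPS code).
# Policies are checked in processing order; the first policy whose conditions
# ALL match decides the outcome. If no policy matches, the request is rejected.

# NAS-Port-Type values (RADIUS attribute 61, RFC 2865 / RFC 2869)
NAS_PORT_VIRTUAL = 5          # assumed to be what the ASA sends for VPN logons
NAS_PORT_WIRELESS_80211 = 19  # "Wireless - IEEE 802.11"

# Constructed directory data: group name -> members
GROUPS = {
    "VPN Access": {"alice"},
    "WAP Access": {"alice", "bob"},
}

def in_group(group):
    return lambda req: req["user"] in GROUPS[group]

def nas_port_type(value):
    return lambda req: req.get("nas_port_type") == value

def evaluate(policies, request):
    """Return (decision, matching_policy_name) for one Access-Request."""
    for name, conditions, grant in policies:  # list is in processing order
        if all(cond(request) for cond in conditions):
            return ("Access-Accept" if grant else "Access-Reject", name)
    return ("Access-Reject", None)

# Configuration from the question: each policy checks group membership only.
ORIGINAL = [
    ("VPN", [in_group("VPN Access")], True),
    ("WAP", [in_group("WAP Access")], True),
]

# After the accepted answer: the WAP policy also requires NAS Port Type.
FIXED = [
    ("VPN", [in_group("VPN Access")], True),
    ("WAP", [in_group("WAP Access"), nas_port_type(NAS_PORT_WIRELESS_80211)], True),
]

# Constructed requests: bob is in "WAP Access" only, alice is in both groups.
bob_vpn = {"user": "bob", "nas_port_type": NAS_PORT_VIRTUAL}
bob_wifi = {"user": "bob", "nas_port_type": NAS_PORT_WIRELESS_80211}
alice_wifi = {"user": "alice", "nas_port_type": NAS_PORT_WIRELESS_80211}

if __name__ == "__main__":
    for label, policies in (("original", ORIGINAL), ("fixed", FIXED)):
        for who, req in (("bob/VPN", bob_vpn), ("bob/WAP", bob_wifi), ("alice/WAP", alice_wifi)):
            print(label, who, evaluate(policies, req))
```

In this model a "VPN Access" member connecting through the WAP is still matched by the VPN policy first, because that policy has no NAS Port Type condition of its own.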
Author Comment

by:SafetyNet-TC
ID: 39245684
Of course.  Thank you.
Expert Comment

by:cantoris
ID: 39245691
Glad it worked for you :)