No, the thing is in order to have VPN you need to configure a couple of things on ISA and on RRA (routing and remote access). On the last one you can modify the default Remote Access Policy and out something like "allow connection if is a member of VPN users", so create a group with that name and add as members of that group just the users that need VPN access. By that way if the user have remote dialing enable and is not member of VPN users, will not be able to VPN. Regards Diego R. Pietruszka ________________________________ From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Richard Morris Sent: Monday, July 31, 2006 10:20 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: RADIUS Thanks. When you say VPN filter, is that a access list? ________________________________ From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of D PIETRUSZKA USWRN INTERLINK INFRA ASST MGR Sent: 31 July 2006 03:45 PM To: isalist@xxxxxxxxxxxxx Subject: [isalist] Re: RADIUS The true is I don't know if RADIUS needs that option enable because I never use it. But what I can tell you that have the Dial In access enable don't mean that the user have access to your VPN since you can filter them on your VPN filter. Anyway, I'm pretty sure that somebody else will confirm if RADIUS needs it enable or not. Regards Diego R. Pietruszka ________________________________ From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On Behalf Of Richard Morris Sent: Monday, July 31, 2006 9:28 AM To: isalist@xxxxxxxxxxxxx Subject: [isalist] RADIUS Hi there all. I'm using RADIUS to authenticate users for internet access, it works fine, but the User Account in AD requires Dial In Access enabled, this isn't ideal as that effectively means those Users can also have VPN access and we don't want that. Did I miss something or is this just how it works? Cheers ________________________________ The views expressed in this email are, unless otherwise stated, those of the author and not those of the Smart Technology Group or its management. The information in this e-mail is confidential and is intended solely for the addressee. Access to this e-mail by anyone else is unauthorised. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted in reliance on this, is prohibited and may be unlawful. Whilst all reasonable steps are taken to ensure the accuracy and integrity of information and data transmitted electronically and to preserve the confidentiality thereof, no liability or responsibility whatsoever is accepted if information or data is, for whatever reason, corrupted or does not reach its intended destination. ________________________________ ________________________________ The views expressed in this email are, unless otherwise stated, those of the author and not those of the Smart Technology Group or its management. The information in this e-mail is confidential and is intended solely for the addressee. Access to this e-mail by anyone else is unauthorised. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted in reliance on this, is prohibited and may be unlawful. Whilst all reasonable steps are taken to ensure the accuracy and integrity of information and data transmitted electronically and to preserve the confidentiality thereof, no liability or responsibility whatsoever is accepted if information or data is, for whatever reason, corrupted or does not reach its intended destination. ________________________________