[isalist] Re: RADIUS
- From: "D PIETRUSZKA USWRN INTERLINK INFRA ASST MGR" <DPietruszka@xxxxxx>
- To: <isalist@xxxxxxxxxxxxx>
- Date: Mon, 31 Jul 2006 10:34:47 -0400
No, the thing is in order to have VPN you need to configure a couple of
things on ISA and on RRA (routing and remote access). On the last one
you can modify the default Remote Access Policy and out something like
"allow connection if is a member of VPN users", so create a group with
that name and add as members of that group just the users that need VPN
access. By that way if the user have remote dialing enable and is not
member of VPN users, will not be able to VPN.
Regards
Diego R. Pietruszka
________________________________
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Richard Morris
Sent: Monday, July 31, 2006 10:20 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: RADIUS
Thanks. When you say VPN filter, is that a access list?
________________________________
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of D PIETRUSZKA USWRN INTERLINK INFRA ASST MGR
Sent: 31 July 2006 03:45 PM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: RADIUS
The true is I don't know if RADIUS needs that option enable because I
never use it. But what I can tell you that have the Dial In access
enable don't mean that the user have access to your VPN since you can
filter them on your VPN filter.
Anyway, I'm pretty sure that somebody else will confirm if RADIUS needs
it enable or not.
Regards
Diego R. Pietruszka
________________________________
From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx]
On Behalf Of Richard Morris
Sent: Monday, July 31, 2006 9:28 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] RADIUS
Hi there all.
I'm using RADIUS to authenticate users for internet access, it works
fine, but the User Account in AD requires Dial In Access enabled, this
isn't ideal as that effectively means those Users can also have VPN
access and we don't want that.
Did I miss something or is this just how it works?
Cheers
________________________________
The views expressed in this email are, unless otherwise stated, those of
the author and not those of the Smart Technology Group or its
management. The information in this e-mail is confidential and is
intended solely for the addressee. Access to this e-mail by anyone else
is unauthorised. If you are not the intended recipient, any disclosure,
copying, distribution or any action taken or omitted in reliance on
this, is prohibited and may be unlawful. Whilst all reasonable steps are
taken to ensure the accuracy and integrity of information and data
transmitted electronically and to preserve the confidentiality thereof,
no liability or responsibility whatsoever is accepted if information or
data is, for whatever reason, corrupted or does not reach its intended
destination.
________________________________
________________________________
The views expressed in this email are, unless otherwise stated, those of
the author and not those of the Smart Technology Group or its
management. The information in this e-mail is confidential and is
intended solely for the addressee. Access to this e-mail by anyone else
is unauthorised. If you are not the intended recipient, any disclosure,
copying, distribution or any action taken or omitted in reliance on
this, is prohibited and may be unlawful. Whilst all reasonable steps are
taken to ensure the accuracy and integrity of information and data
transmitted electronically and to preserve the confidentiality thereof,
no liability or responsibility whatsoever is accepted if information or
data is, for whatever reason, corrupted or does not reach its intended
destination.
________________________________
Other related posts:
