Re: Restricting VPN access



Hi,

I think you have to create a firewall rule on ISA where the source is the
VPN Client network, and the destination is your machine (an object you
create)... In this rule, you specify that this rule is for a specific user.

This works fine.

--

Frédéric ESNOUF (MCSE - ISA MVP)
Email : frederic@xxxxxxxxxx
Visit ISAServerFR.org
You plan to implement Quarantine on ISA 2004 ?
Check this : http://www.esnouf.net/qss_main.htm
Download QSS, learn with videos and screenshots...
Buy my book online : www.esnouf.net, and click the Amazon link.
"Matt Sullivan" <matt@xxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:uBrADh0KGHA.2040@xxxxxxxxxxxxxxxxxxxxxxx
Finally got the VPN access working using ISA 2004 SP1. Now we would like
to restrict access for a specific domain account to one server on the
internal network.

Here are the things I tried:
1. Using Active Directory Users & Computers. Right-clicking on a machine
and denying access to a particular user. This appears to do nothing.

2. Going to a shared drive which we want to restrict access to. Going to
the permissions for the share. Removing everyone and adding specific
users (even adding deny access to the account we want to restrict). This
doesn't do anything either.

I've tried having the VPN user log out and back in to see if that helped.
It didn't.

The user I have testing this is logged into a laptop with a valid domain
account. He then uses an external connection and VPNs into the network
authenticating with the restricted account info. It has crossed my mind
that his valid domain account could be affecting the authentication, but I
would be surprised if Windows would use the other authentication without
asking.

I admit I am a developer, not a network admin (doing this because all the
other developers here don't want to and we don't really have a network
admin). The steps I tried are admittedly naive, but the documentation on
how to get this working is either terrible or non-existent. So far the
documentation I have read gives the 1000 ft view of how things operate.
These are great until things break or don't work. Then you have no idea
where/how to begin fixing them.

I'd appreciate any help anyone can provide.
--Matt


