Re: IAS - policy profile IP Packet Filter issue

Hello Giulio,

This is happening because the profile element "IP filters" are a Microsoft
vendor specific RADIUS attribute (it is not a RFC standard) and only
Microsoft products (like RRAS) can understand them.
To have your Cisco NAS understand the filters, you need to configure IAS
to send Cisco vendor specific attributes. Go to profile->Advanced->add and
select "Vendor-Specific" and configure the attributes according to Cisco's
specs.

Hoep this helps.
Thanks, Manju

--
+++++++++++++++++++++++++++++++++++++++++++++++
This posting is provided "AS IS" with no warranties, and confers no rights


"Giulio" <anonymous@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:202a01c53ea4$da029c50$a601280a@xxxxxxxxxx
> Hi All,
> I've a problem with the configuration of a policy profile
> in IAS: it seems to me that the packet filter IP in the
> profile of the policy is not applyed.
>
> A user (say 'test') is configured in this way:
> - Dial-in tab: Remote Access: "Control Access through
> remote access policy"
> - NAS: Cisco 3700
> - IAS policy for this user:
> . Grant Remote Access Permission
> . profile - IP Deny all traffic except from 192.168.0.7 to
> user-IP
> . profile - IP Deny all traffic from user to 192.168.0.7
>
> The other profile configurations are set as default.
>
> The user is correctly authenticated and from the event log
> I can see that the policy used is the correct one.
>
> I expected I could not ping anything but 192.168.0.7 but,
> once authenticated, the test user can ping everything around!
>
> The strange thing is that the same policy in a RRAS server
> (without IAS) works in the correct way. It's exactly the
> same policy since I imported it from the old server with
> the netsh command.
>
> Please help me!!!
>
>


.

Relevant Pages

  • IAS - policy profile IP Packet Filter issue
    ... I've a problem with the configuration of a policy profile ... in IAS: it seems to me that the packet filter IP in the ...
    (microsoft.public.internet.radius)
  • Windows cannot load the locally stored profile
    ... but I've disabled indexing from my profile area. ... impersonate user with 5. ... Reason: policy set to SYNC ... security group membership change and extension Registry has NoGPOChanges ...
    (microsoft.public.windows.server.general)
  • RE: Users My Documents Target Location
    ... Click Profile tab, check if it is correct of Logon Script. ... you may want to contact Microsoft CSS directly. ... >>the Users folder on the server its out of synch. ... >>> support group policy deployment. ...
    (microsoft.public.windows.server.sbs)
  • Re: Administrator Profile corruption
    ... To clear up a few things: On the Friday I rebooted the server and things got ... Administrator logon to see which group policy objects are applied?’ ... concluded that the admin account was completely toasted. ... We ran the user profile Cleanup Hive Service. ...
    (microsoft.public.windows.server.sbs)
  • Re: Assigning user profiles based on OU
    ... the computers via Group Policy. ... > to user student workstations and pull the student profile. ... create OU's for specific client machine sets and apply ... If the policy settings are specific to the ...
    (microsoft.public.win2000.group_policy)
Loading