Re: IAS - policy profile IP Packet Filter issue
- From: "Giulio" <anonymous@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 11 Apr 2005 23:53:29 -0700
Hello Manju,
Thank you for your reply.
Indeed I thought it could be some "Vendor-like" issue...
Well, so I'll try to specify a Cisco VSA as you said.
Thanks for your help!
Giulio
>-----Original Message-----
>Hello Giulio,
>
> This is happening because the profile element "IP filters" is a Microsoft
>vendor-specific RADIUS attribute (it is not an RFC standard) and only
>Microsoft products (like RRAS) can understand them.
> To have your Cisco NAS understand the filters, you need to configure IAS
>to send Cisco vendor-specific attributes. Go to profile->Advanced->add and
>select "Vendor-Specific" and configure the attributes according to Cisco's
>specs.
>
> Hope this helps.
> Thanks, Manju
>
>--
>+++++++++++++++++++++++++++++++++++++++++++++++
>This posting is provided "AS IS" with no warranties, and confers no rights
>
>
>"Giulio" <anonymous@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>news:202a01c53ea4$da029c50$a601280a@xxxxxxxxxx
>> Hi All,
>> I've a problem with the configuration of a policy profile
>> in IAS: it seems to me that the packet filter IP in the
>> profile of the policy is not applied.
>>
>> A user (say 'test') is configured in this way:
>> - Dial-in tab: Remote Access: "Control Access through
>> remote access policy"
>> - NAS: Cisco 3700
>> - IAS policy for this user:
>> . Grant Remote Access Permission
>> . profile - IP Deny all traffic except from 192.168.0.7 to
>> user-IP
>> . profile - IP Deny all traffic from user to 192.168.0.7
>>
>> The other profile configurations are set as default.
>>
>> The user is correctly authenticated and from the event log
>> I can see that the policy used is the correct one.
>>
>> I expected I could not ping anything but 192.168.0.7 but,
>> once authenticated, the test user can ping everything around!
>>
>> The strange thing is that the same policy in a RRAS server
>> (without IAS) works in the correct way. It's exactly the
>> same policy since I imported it from the old server with
>> the netsh command.
>>
>> Please help me!!!
>>
>>
>
>
- References:
- IAS - policy profile IP Packet Filter issue
- From: Giulio
- Re: IAS - policy profile IP Packet Filter issue
- From: Manjunath Bharadwaj [MSFT]
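
The behaviour described in the reply above (the profile's IP filters travel as a Microsoft vendor-specific RADIUS attribute that a Cisco NAS does not interpret) can be checked on the wire. The following is an added example, not code from the original posts: it parses the attribute block of an Access-Accept and lists the vendor-specific attributes a NAS from a given vendor would skip. The sample bytes and the Cisco AV-pair string are constructed, and `ignored_by` assumes a NAS only interprets its own vendor's attributes.

```python
import struct

VENDOR_SPECIFIC = 26                      # RADIUS attribute type (RFC 2865)
MICROSOFT, CISCO = 311, 9                 # IANA enterprise numbers
MS_FILTER, CISCO_AVPAIR = 22, 1           # vendor types (RFC 2548 / Cisco-AVPair)

def build_vsa(vendor_id, vendor_type, value):
    """Encode one Vendor-Specific attribute holding a single sub-attribute."""
    sub = bytes([vendor_type, len(value) + 2]) + value
    body = struct.pack("!I", vendor_id) + sub
    return bytes([VENDOR_SPECIFIC, len(body) + 2]) + body

def parse_vsas(attrs):
    """Return [(vendor_id, vendor_type, value)] for each VSA sub-attribute."""
    found, i = [], 0
    while i < len(attrs):
        if len(attrs) - i < 2:
            raise ValueError("truncated attribute header")
        a_type, a_len = attrs[i], attrs[i + 1]
        if a_len < 2 or i + a_len > len(attrs):
            raise ValueError("bad attribute length")
        body = attrs[i + 2:i + a_len]
        if a_type == VENDOR_SPECIFIC:
            if len(body) < 6:
                raise ValueError("VSA too short")
            vendor_id = struct.unpack("!I", body[:4])[0]
            j = 4
            while j < len(body):
                if len(body) - j < 2 or body[j + 1] < 2 or j + body[j + 1] > len(body):
                    raise ValueError("bad vendor sub-attribute")
                found.append((vendor_id, body[j], body[j + 2:j + body[j + 1]]))
                j += body[j + 1]
        i += a_len
    return found

def ignored_by(nas_vendor_id, attrs):
    """Assumption: the NAS skips every VSA that is not from its own vendor."""
    return [v for v in parse_vsas(attrs) if v[0] != nas_vendor_id]

# Constructed sample: an Access-Accept attribute block carrying both filter styles.
SAMPLE = (
    build_vsa(MICROSOFT, MS_FILTER, b"\x01\x00\x00\x00")   # opaque placeholder bytes
    + build_vsa(CISCO, CISCO_AVPAIR, b"ip:inacl#1=permit ip host 192.168.0.7 any")
)

if __name__ == "__main__":
    for vendor, vtype, value in ignored_by(CISCO, SAMPLE):
        print(f"Cisco NAS skips vendor {vendor} type {vtype}: {value!r}")
```

If the only filter attribute in the Access-Accept shows up in the skipped list for the NAS vendor, the user is authenticated with no filter enforced, which matches the symptom in the original question.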