Re: Internet Access policy

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: Miha Pihler (mihap-news_at_atlantis.si)
Date: 08/10/04 

Date: Tue, 10 Aug 2004 17:54:52 +0200

I think you have few options. Give VPN users certain IP pool and filter
these IPs (deny access to the internet for the specific IP pool).

Second option is like I mentioned before to create RRAS filter on internal
interface where you would only allow access to specific subnets e.g.
192.168.0.1/24 -- so users would only be allowed to access computers that
are within this address space. Since "Internet" would not be on the list
users would not be able to access it.

Mike

"Chris Chandler" <see@top.com> wrote in message
news:Xns954176BCEB7CDnospmnet@207.46.248.16...
> "Miha Pihler" <mihap-news@atlantis.si> wrote in news:#v2FWdufEHA.1048
> @tk2msftngp13.phx.gbl:
>
> > Hi Chris,
> >
> > what do you use for VPN server? RRAS, ISA, ... ?
> >
> > If it is RRAS you can use IP filters on specific network cards and allow
> > only traffic to local traffic (local IP subnets). If you have ISA you
can
> > again create appropriate rules.
> >
> > Mike
>
> The server itself is NATted behind a PIX 506. I ahd thought of using ISA
> server but it was rather a PITA to get it to work right behind the PIX so
> right now I am using RRAS for authentication.After routing a STATIC
gateway
> from the server to the PIX, web and e-mail work. Now thats all fine and
> good, now I just want web access to be limitesd to INTRANET only but they
> can access e-mail. When I tried running ISA once before it became rather
> confusing setting up teh rules. Granted IU have never work with ISA Server
> much usually I just use PIX. I am also wondering if I can filter access
> thru the PIX based on IP range.

Relevant Pages

  • Re: content filter how to?
    ... able to filter over 40 different categories of sites. ... > total number of internet hours in a day, total number of internet hours in ... All these are features that are I think hard to find in other ... > not be more secure that the first version], and SuperScout Server which is ...
    (comp.security.firewalls)
  • Re: content filter how to?
    ... able to filter over 40 different categories of sites. ... > total number of internet hours in a day, total number of internet hours in ... All these are features that are I think hard to find in other ... > not be more secure that the first version], and SuperScout Server which is ...
    (comp.security.firewalls)
  • Re: OWA Issues w/ small Bus. 2003 server
    ... I was able to connect to my pix firewall and enable logging- when i tried ... rejecting the http request to my internal host (exchange server) and looking ... don't know why sbs 2003 was setup this way bec. ... firewall to users on the Internet: ...
    (microsoft.public.exchange.admin)
  • Re: OWA Issues w/ small Bus. 2003 server
    ... network telnet to the Public IP of your pix on port 80. ... you only have 1 NIC in your SBS Server? ... You must configure a firewall to secure your local network from the ... firewall to users on the Internet: ...
    (microsoft.public.exchange.admin)
  • Re: Internet Access and external email problems
    ... oversubscribed/overloaded due to which it no longer entertains DNS ... Clearing the connection (w.r.t internal server) on the PIX ... and when I did the internet connectivity was restored. ...
    (microsoft.public.windows.server.sbs)