Limit access to specific IP address (hopefully by AD group)

Discussion in 'Cisco' started by blautens, Jan 17, 2005.

  1. blautens

    blautens Guest

    I setup our Cisco VPN 3015 a couple of months ago, working with a
    Windows 2000 Server and IAS. Currently, if you are a member of the "VPN
    users group" in Active Directory, you are allowed access. This works
    well for now, it's mostly used for employees in IT who do need access
    to anything.

    But I'd like to setup a process where access is limited to an IP
    address (or 2 or 3, etc.) based on AD group membership. For instance,
    if you are member of the xyz user group in AD, I'd like to limit that
    group to access only 10.108.1.xyz. That sort of thing. I don't need
    outside vendors with access to all devices on the LAN.

    Should I try to do this in AD via some RAS policy, or in the VPN 3015?
    Is there a good reference document for this on the Cisco site (I didn't
    really see one).

    Thanks in advance.
     
    blautens, Jan 17, 2005
    #1
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.