none
Windows VPN access control

    Question

  • I'm looking to have greater control over people logging in using VPN. Currently, I have one NPS policy for employees connecting after hours or those who work remotely.

    Now,  I need to allow access to consultants from outside of the company. Preferred method would be IP ACL, which I could do at a switch level.

    The question I have is:

    Is it possible to have a specific group of users connecting to VPN get a specific range of IP addresses, while all others get default range from DHCP?
    Wednesday, December 25, 2013 2:58 PM

Answers

  •  

    Hi,

    As far as I know, you can try to do:

    If you work in workgroup, please open “Run” and type “lusrmgr.msc” to find local users and groups.

    If you work in domain environment, please open “Run” and type “dsa.msc” to find active directory users and computers.

    Please right click username which is used by your specific user and select “properties”. And then click “Dial-in”, you can see “assign static IP” and you just need to configure the static IP that you want here.

    Any other users can obtain IPs from DHCP or VPN servers.

    Best Regards

    Quan Gu

    • Marked as answer by FirefoxPL Monday, December 30, 2013 3:14 AM
    Monday, December 30, 2013 2:49 AM
    Moderator

All replies

  •  

    Hi,

    As far as I know, you can try to do:

    If you work in workgroup, please open “Run” and type “lusrmgr.msc” to find local users and groups.

    If you work in domain environment, please open “Run” and type “dsa.msc” to find active directory users and computers.

    Please right click username which is used by your specific user and select “properties”. And then click “Dial-in”, you can see “assign static IP” and you just need to configure the static IP that you want here.

    Any other users can obtain IPs from DHCP or VPN servers.

    Best Regards

    Quan Gu

    • Marked as answer by FirefoxPL Monday, December 30, 2013 3:14 AM
    Monday, December 30, 2013 2:49 AM
    Moderator
  • Thanks for reply.

    I work with domain and I should of thought about it. It should work for what I'm trying to do.

    Monday, December 30, 2013 3:13 AM