NPS Network Policies question

  • Question

  • We are using a Cisco Firewall. We have a bunch of different VPN requirements that we are using, and we are using Windows Server 2008 R2 Network Policy Server as our RADIUS server and using network policies for security.

    We have 3 different VPN profiles and want them each to have a network policy for each one, not combine the 3 together, as it makes for a security hole as any user can use the 3 different VPN profiles. We want to set it up so VPN profile 1, if you're part of the Cisco VPN 1 group, you are allowed to connect to that profile. If you're part of that group then you are denied access. VPN profile 2, if you're part of Cisco VPN 2 group, you can connect to that profile only, etc. Right now if any user is part of Cisco VPN 1 or Cisco VPN 2 security group, it is allowing them to connect to either VPN profile.

    How can you set this up to separate this?

    Friday, March 21, 2014 2:19 PM

Answers

  • Hi,

    According to your description, my understanding is that you wanted the NPS policies to work differently from the Cisco VPN profiles. If I misunderstood anything, please feel free to let me know.

    Based on my experience, it seems that NPS won't do that with VPN profiles. If you want to define different network policies for different user groups, you can select the specific user group when specifying the conditions of the network policy. More information:

    Network Policy Conditions Properties

    Best regards,

    Susie

    • Proposed as answer by Susie Long Monday, March 31, 2014 2:37 AM
    • Marked as answer by Susie Long Monday, March 31, 2014 2:39 AM
    Monday, March 24, 2014 8:17 AM

All replies

  • Hi,

    Any updates?

    If you need further assistance, please feel free to let me know.

    Best regards,

    Susie

    Thursday, March 27, 2014 6:32 AM
    • Proposed as answer by Susie Long Monday, March 31, 2014 2:37 AM
    Thursday, March 27, 2014 10:23 AM
  • Hi,
     
    As this thread has been quiet for a while, we will mark it as ‘Answered’ as the information provided should be helpful. If you need further help, please feel free to reply to this post directly so we will be notified to follow it up. You can also choose to unmark the answer as you wish.
      
    BTW, we’d love to hear your feedback about the solution. By sharing your experience you can help other community members facing similar problems. Thanks for your understanding and efforts.

    Best regards,

    Susie

    Monday, March 31, 2014 2:39 AM