IP Filter issue in Network Policy Server


  • Hello,

    I have an existing Network Policy Server that is working just fine.  We have a Cisco ASA configured to authenticate users using radius to our NPS server.  The configuration works and allows / denies users as expected.

    However, I want to lock down a new or existing (tried both) Network Policy so a connected user (group of users) can only access the IP address ranges that I specify (either by blocking or allowing) using the policy > settings tab > IP Filters tab > Input/Output filters.

    However, the input/output filters I enter have no effect.

    I created a test lab to simulate the production environment and the IP filters work as expected there, but I can't finger out why it isn't working in our production environment.  There weren't any special steps to enable this feature... Any tips on what may be happening?

    • NPS Server = Domain Controller, Win2012 R2
    • Radius Client = Cisco ASA (unknown type/version, I dont have access to it, but dont think this is a concern)
    • Tested with Win10Home & Pro
    Friday, July 13, 2018 3:01 AM

All replies

  • Me again.

    Did some more tests.  If I use the Windows server as the VPN server instead of the Cisco ASA the network policy IP filters work as expected.  If I use the Cisco ASA for VPN connections the IP filters in NPS have no effect.

    Does that make sense to anyone why?

    Friday, July 13, 2018 7:53 PM
  • Hi,

    Thanks for your question.

    Was the same policy configured the same ip filters in test tab as the production and it worked OK? Please check the policy again if it is configured correctly, of NAS setting and type in especial.

    If that we couldn't find more clue about this issue. As suggested, you could use network monitor to do the network capture to analysis with more details.

    In addition, it sounds like that there's some part of compatibility between windows and cisco. We could also consult cisco for resolution at the same time.

    Hope this helps. I look forward to hearing your good news.

    If you have any question or concern, please feel free to ley me know.

    Best regards,


    Please remember to mark the replies as an answers if they help.
    If you have feedback for TechNet Subscriber Support, contact

    Saturday, July 14, 2018 7:30 AM