Different SSTP settings for different Windows groups? RRS feed

  • Question

  • I need to provide a VPN service where different groups of people have different levels of network access. Internally, this is handled with dynamic VLANs, using user authentication to specify which VLAN the user is put into, which dictates which IP address they get, which dictates what they can access.

    I need to try to replicate this with VPN so that, depending on who they are when they authenticate, they get an appropriate IP address so that their level of access can then be controlled.

    Unless I'm misunderstanding UAG, though, it looks like I can only define SSTP once, and there doesn't seem to be any flexibility around IP pools for different groups, etc.

    Is that correct or can UAG do what I want it to do?




    Friday, January 27, 2012 9:12 AM

All replies

  • As far as I know you are correct, the SSTP settings can only be defined once.
    Friday, January 27, 2012 1:18 PM
  • Maybe istead of full VPN access you just publish the needed apps to the different users/groups if they are to have limited access anyway..

    Or you could just publish to different users/groups an RDP session to a server in one VLNA or another and then where they could go from there would be limited by teh RDP hosts IP address..

    Or on pretty much any app publishing (but not NC or SSTP) you can use the "bind source ip" to have some sessions sent from one UAG internal IP address, and others sent from another, in which case you could filter further internally with your firewall/router..

    Thanks, Mark

    Friday, January 27, 2012 7:11 PM