Hi, We have a Windows Server 2003/2008 Environment. We have several VPN users who connect from their home machines to the VPN and then initial outbound RDP connections from the corporate network to another network. I have been tasked with only allowing certain users to connect to the IP addresses of the other network. How can I achieve this? We have no Proxy in place, hence everyone has unrestricted access. Port restrictions are in place on the firewall. We have an Windows Server 2003 RRAS box handling all the incoming VPN connectivity. Many thanks in advance.DOHMAN2011

When you have a RAS server you have two options of delivering remote access: Dhcp assigned ip addresses. More about this here: http://support.microsoft.com/kb/160699 Static IP range. Details about this you can get from : http://technet.microsoft.com/en-us/library/dd469667.aspx Also in active directory you can configure a static remote ip address. Also in the Network Access Permission click Allow to allow the user to connect through VPN, Deny -self explainatory, Control access through NPS network policy you would click if you used NAP. NAP is available only in server 2008 or above. It is not available in 2003, and it is a little more complicated to deploy but in short you basicly configure a connection policy for computers to connect. If they meet certain conditions that are required , they are allowed inside the network, if not they can be send to a remediation network where they can try to meet the compliance checks. You also have to enable NAP client through Group Policy. The Nap enforcement type in your current scenario would be VPN enforcement. More on that here : http://technet.microsoft.com/en-us/library/dd469660.aspx. If I wasn't clear at some point please ask.MCTS - Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. http://mariusene.wordpress.com/

Hello, the better forum for the question is the networking one: http://social.technet.microsoft.com/Forums/en/winserverNIS/threads?page=1Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.