RAS - Restricting VPN User to certain Internal IPs?

Hello,

We have a need to give a trusted customer access to two internal
servers for a troubleshooting exercise. Duration is short-term. For
reasons I cannot go into here we are not able to move these servers to
a DMZ area.

We have a Win2k3 RAS that handles our VPNs for remote users. I have
established Group policies for our employees. However, what I need to
know is the following:

Q. Is it possible to allow access for this customer to ONLY certain
internal IP addresses on our network via the Remote Access Policies?

I have looked at policy properties and see the Input and Output
filters, but those are for entire networks, not individual IP
addresses.

I realize this is not 100% secure even by allowing only specific IPs,
but it would be a good temporary solution for us. Thank you for any
help.

TN



tigenet@gmail.com