Use L2TP/IPSec. See:
http://www.microsoft.com/windows2000...g_VPN_us26.htm
Doug Sherman
MCSE Win2k/NT4.0, MCSA, MCP+I, MVP
"theo22" <(E-Mail Removed)> wrote in message
> I'm trying to create some rules to better secure my RAS server. I
> would like to add a rule that would not allow a user to VPN in on any
> computer other than the ones that are registered in our domain, but I
> cannot seem to do this.
>
> In other words, I have a user at home using a box that I gave him that
> is in our domain in a group called 'Work Computers'. When he
> authenticates I would like to be able to have a rule in place that
> checks the hostname of the box he is on and validates it against the
> list of computers in the 'Work Computers' group.
>
> I don't seem to be able to get this done. So far I can only
> authenticate users based on their username and password. If I add the
> username to the 'Work Computers' group they authenticate just fine.
> Not really what I want to do. I could just authenticate against my
> group of users for that matter.
>
> I want to do this so that my at-home users will only be able to VPN in
> to our network on computers that I am familiar with and not at one of
> their friends' house using a VPN client on some foreign computer when
> all they need to authenticate is their username/password.
>
> If there isn't a way to make sure my users aren't VPN'ing in on my
> computers based on hostnames registered in a group on our network,
> what other way is there to keep them from VPN'ing in on just any box?
> Or for that matter, how do I get my users to only be able to VPN in on
> the boxes I give them? Certificates, maybe?
>
> Please help!! I'm desperate for a solution to this so I can beef up
> our security.
>
> Thanks!