PIX 515 - Microsoft IAS for VPN

Status
Not open for further replies.

JorgeM

IS-IT--Management
Apr 12, 2002
6
0
0
BO
Does anybody know how to configure the Microsoft IAS server to limit some ports or IP addresses (some kind of access-list) for the users connected through the VPN?
 
This would require the IAS server, which is speaking RADIUS, to pass certain RADIUS attributes to the Cisco PIX, which it does not support. In short, you cannot limit ports per user via IAS. You can, however, limit access to your internal network on a system-wide basis via a VPN access list applied on the PIX.

If you are using sysopt connection permit-pptp (I am assuming you are using PPTP), then you need to remove this and add to your access list which doesn't NAT connections from your VPN users (check your nat 0 access-list).

Tom
 
Tom, I'm using the following configuration:
access-list 101 permit ip x.x.x.x 255.255.255.0 y.y.y.y 255.255.255.0
(where x.x.x.x is the inside of my network and y.y.y.y is the IP address I'm assigning to the VPN users.)
nat (inside) 0 access-list 101

When I try to limit the port in the access-list, it is not possible; that is why I thought I could do that with the IAS. If you have any other tip to do this, please let me know.

Thank you
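
The PIX-side approach from Tom's reply, applied to the configuration JorgeM posted, as an added example that is not configuration from either poster. The 10.x networks, the host 10.1.1.10, the permitted ports and the ACL name outside_in are constructed placeholders standing in for x.x.x.x, y.y.y.y and the site's real policy.

```text
: Added example with constructed values (not from the thread):
:   10.1.1.0/24 = inside network (x.x.x.x), 10.1.2.0/24 = VPN client pool (y.y.y.y)
:   10.1.1.10   = hypothetical inside server the VPN users are allowed to reach

: NAT exemption stays IP-only; port filtering is not done in this ACL
access-list 101 permit ip 10.1.1.0 255.255.255.0 10.1.2.0 255.255.255.0
nat (inside) 0 access-list 101

: Stop implicitly permitting everything that arrives through the PPTP tunnel,
: so tunnelled traffic is checked against the outside interface ACL
no sysopt connection permit-pptp

: Port restrictions for all VPN clients (system-wide, not per user)
access-list outside_in permit tcp 10.1.2.0 255.255.255.0 host 10.1.1.10 eq 3389
access-list outside_in permit tcp 10.1.2.0 255.255.255.0 host 10.1.1.10 eq 80
access-list outside_in deny ip 10.1.2.0 255.255.255.0 10.1.1.0 255.255.255.0

: If an ACL is already bound to the outside interface, add the entries above
: to that ACL instead of binding a new one (only one inbound ACL per interface)
access-group outside_in in interface outside
```

After applying a change like this, `show access-list` hit counters on the permit and deny lines confirm whether VPN client traffic is actually being evaluated by the interface ACL.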
 