preventing vpn connections from non-office mode users?

[soontobeguru]

Hello, I hope my subject was descriptive enough... I ran out of room. Here is the rest:

Is there a way to dis-allow vpn connections from anyone not using office mode enabled secureclients? We had an issue where one of our employees connected via securemote from a home network that had the same IP as a common destination on the corporate network. While this person was connected, all data to the internal host was sent encrypted to this vpn user. This completely disrupted normal communication to this internally routed host. If we could prevent securemote/client users that are not in office mode, this would prevent the problem.

Long post, I know, sorry. But thanks for your help

 

[ChrisAC]

Your rulebase should only allow connections to the corporate networks from clients authenticated to the policy server and all other connections should be dropped. Once authenticated they should be allocated an address from a pool that is not the same as your internal network.

Chris.

**********************
Chris A.C, CCNA, CCSA
**********************