I have been trying to use cisco-avpairs on our Windows 2003 IAS server with the ip:inacl option so that I can allow VPN users to ONLY remote control their work machines (RDP-Port 3389). Does anyone out there have an example of this or one that allows only certain ports? My cisco-avpair allows everything even though I try to limit it to DNS and RDP. I would show you what I have but I am trying hard not to show my stupidity.
I have this problem too.