Can RADIUS/IAS control if the user can split tunnel?

Unanswered Question
Dec 3rd, 2009

I have a 2821 router configured with both LAN-to-LAN and remote access VPN functionality. Authentication is controlled by RADIUS/IAS on Windows 2003.

I know it is possible to set certain user characteristics within IAS. For example, when a user logs into the router, the privilege level they are given is based upon the user name and the Active Directory group to which they belong. IAS is configured to send a string (priv-lvl=15) to the router, setting the privilege level. Can this be done for split tunnels?

Because we have a large pool of laptops that are checked out by anyone, we really can't have multiple VPN groups on the router. I want the IT staff to be able to split tunnel, but not the other remote users. I presume there is some sort of string that I need to send to the router from IAS to use an ACL that is configured on the router for the split tunnel.

