I have a 2821 router configured with both LAN-to-LAN and remote access VPN functionality. Authentication is controlled by RADIUS/IAS on Windows 2003.
I know it is possible to set certain user characteristics within IAS. For example, when a user logs into the router, the privilege level they are given is based upon the user name and the Active Directory group to which they belong. IAS is configured to send a string (priv-lvl=15) to the router, setting the privilege level. Can this be done for split tunnels?
Because we have a large pool of laptops that are checked out by anyone, we really can't have multiple VPN groups on the router. I want the IT staff to be able to split tunnel, but not the other remote users. I presume there is some sort of string that I need to send to the router from IAS to use an ACL that is configured on the router for the split tunnel.