Can RADIUS/IAS control if the user can split tunnel?
I have a 2821 router configured with both LAN-to-LAN and remote access VPN functionality. Authentication is controlled by RADIUS/IAS on Windows 2003.
I know it is possible to set certain user characteristics within IAS. For example, when a user logs into the router, the privilege level they are given is based upon the user name and the Active Directory group to which they belong. IAS is configured to send a string (priv-lvl=15) to the router, setting the privilege level. Can this be done for split tunnels?
Because we have a large pool of laptops that are checked out by anyone, we really can't have multiple VPN groups on the router. I want the IT staff to be able to split tunnel, but not the other remote users. I presume there is some sort of string that I need to send to the router from IAS to use an ACL that is configured on the router for the split tunnel.