Ask the Expert

Retricting access to RAS servers

My organization have several remote sites. These sites connect to the organization intranetwork through our RAS using ISDN or PSTN dialup. I was wondering whether it is possible to restrict access to certain servers/sites based on the dialup user authority level (e.g. one user can only access two servers out of five available servers in my network, another 4 out of 5, etc.). Do I require extra hardware? Any differences if the dialup is done through PSTN or ISDN?

    Requires Free Membership to View

Because of the context implicit in your message, I assume you are using Windows to provide RAS (RRAS?) access. Alas, there is no explicit mechanism to limit which RAS servers within a single domain that users whose RAS access is enabled can dial into. However, there are two workarounds that can solve this problem fairly easily:

  1. Put each RAS server into its own domain, making it possible to manage accounts on a per-server/domain basis.
  2. Set up separate RAS accounts for each server, so that user access can be controlled on a per-server basis.

3rd-party products like those from Citrix are more flexible in this regard, but they may not be worth the considerable extra expense involved. Finally, AFAIK, there is not profound disinction in RAS access controls based on the type of connection used to access the server (PSTN, ISDN, ATM, Internet, etc.).

HTH,
--Ed--

This was first published in November 2001

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: