Restricting access to RAS servers
My organization has several remote sites. These sites connect to the
organization intranetwork through our RAS using ISDN or PSTN dialup. I
was wondering whether it is possible to restrict access to certain
servers/sites based on the dialup user authority level (e.g. one user
can only access two servers out of five available servers in my network,
another 4 out of 5, etc.). Do I require extra hardware? Any differences if
the dialup is done through PSTN or ISDN?
Because of the context implicit in your message, I assume you are
using Windows to provide RAS (RRAS?) access. Alas, there is no
explicit mechanism to limit which RAS servers within a single domain
users whose RAS access is enabled can dial into. However, there
are two workarounds that can solve this problem fairly easily:
- Put each RAS server into its own domain, making it possible to manage accounts on a per-server/domain basis.
- Set up separate RAS accounts for each server, so that user access can be controlled on a per-server basis.
3rd-party products like those from Citrix are more flexible in this
regard, but they may not be worth the considerable extra expense
involved. Finally, AFAIK, there is no profound distinction in RAS
access controls based on the type of connection used to access the
server (PSTN, ISDN, ATM, Internet, etc.).
This was first published in November 2001