
Microsoft VPN filtering

How to control local IP access using IP filtering with Microsoft Server 2003 VPN.

Our first remote access policy is nearly finished. However, we also want this policy to limit connections to the Exchange server. For an Exchange server whose IP address is 10.42.42.101, follow these steps:

1. Double-click the Grant members of "RemoteExchangeAccess" policy you just created and click Edit profile to display the Edit Dial-in Profile page. The Authentication and Encryption tabs display the settings that you specified in the wizard.
2. At the Edit Dial-in Profile page that Web Figure 3 shows, click the IP tab. You'll see the Inbound Filters dialog box that Web Figure 4 shows. Select the Permit only the packets listed below radio button and click OK. We'll disable all traffic except for traffic to and from computers in the extranet that correspond to the 10.42.43.* subnet.
3. Click Input Filters, which displays the Edit IP Filter dialog box. Select the Destination network check box and type 10.42.42.101 for the IP address. Because we're limiting traffic to a specific address instead of an entire subnet, type 255.255.255.255 for the subnet mask; otherwise, Windows will reject the filter. The Protocol drop-down list lets you limit traffic to specific IP protocols, such as TCP and UDP, then further limit traffic to specific TCP/UDP port numbers.
4. Click OK. Your policy should now look like the one that Web Figure 4 shows.
5. Click OK to close the Inbound Filters window.
6. Back on the IP tab, click Output Filters, then click New. Select Source Network and enter the same IP address and subnet that you used for the inbound filter.
7. Click OK twice to close the policy.

Follow the same procedure for the rest of the remote access policies. For the Telecommuters policy, don't specify any IP filters that will let users access any part of the network.

For the BusinessPartners policy, enter 10.42.43.0 as the IP address for both the inbound and outbound filters and 255.255.255.0 as the subnet mask. For the MTGConsultants policy, configure filters to let the consultants access only the Oracle server's IP address.
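
To check the intended reachability before entering the filters, the following added example (not part of the original article, and not a Microsoft tool) models the "Permit only the packets listed below" logic for the RemoteExchangeAccess and BusinessPartners profiles in Python. The function names and the VPN client address are assumptions made for illustration; the filter addresses and masks are the ones given above.

```python
import ipaddress
from dataclasses import dataclass

def make_filter(address, mask):
    """Build one filter row; raises ValueError if the address has bits set
    outside the mask (e.g. a host address paired with 255.255.255.0)."""
    return ipaddress.ip_network(f"{address}/{mask}", strict=True)

@dataclass(frozen=True)
class Profile:
    input_dst: tuple    # Input Filters: matched against the packet's destination
    output_src: tuple   # Output Filters: matched against the packet's source

def host_profile(address, mask):
    """Same address and mask in both directions, as in steps 3 and 6."""
    f = make_filter(address, mask)
    return Profile(input_dst=(f,), output_src=(f,))

# Addresses and masks come from the article; profiles without filters are not modeled.
PROFILES = {
    "RemoteExchangeAccess": host_profile("10.42.42.101", "255.255.255.255"),
    "BusinessPartners": host_profile("10.42.43.0", "255.255.255.0"),
}

def permitted(policy, src, dst, direction):
    """Model 'Permit only the packets listed below'.
    'in'  = VPN client -> network, checked against the input filters;
    'out' = network -> VPN client, checked against the output filters."""
    p = PROFILES[policy]
    rules, ip = (p.input_dst, dst) if direction == "in" else (p.output_src, src)
    return any(ipaddress.ip_address(ip) in net for net in rules)

def reachable(policy, client, server):
    """A session works only if packets pass in both directions."""
    return (permitted(policy, client, server, "in")
            and permitted(policy, server, client, "out"))

CLIENT = "192.168.200.10"  # constructed VPN client address (assumption)

if __name__ == "__main__":
    for policy in PROFILES:
        for server in ("10.42.42.101", "10.42.42.50", "10.42.43.77"):
            print(f"{policy:22} -> {server:13} {reachable(policy, CLIENT, server)}")
    try:
        make_filter("10.42.42.101", "255.255.255.0")  # host address, subnet mask
    except ValueError as e:
        print("rejected:", e)
```

The last call shows why step 3 pairs the single Exchange address with 255.255.255.255: an address with bits set outside its mask is not a valid filter entry.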
