Routing and remote access - allow rdp only



I currently have Routing and remote access setup on w2k3 that our users are
routed to from the outside world via a firewall to make a vpn connection into
the company. At the moment I use Remote Access Policies to add two input
filters so that the only thing they can do over the vpn connection is a
remote desktop session to their pc back on their work desk from home.
I now have a need to tell the routing and remote access service to
authenticate against a radius server instead of the domain. The radius
service isn't a microsoft one. As soon as you select to authenticate against
a radius server you lose the ability to have remote access policies.
Is their any other way to configure the vpn connections in routing and
remote access to only allow rdp traffic over the vpn connections they make.


No, unfortunately it doesn't. I was under the impression that no 3rd party
radius server would do this and that the radius service purely authenticates
the connection then lets RRAS get on with its business. I am hoping that
there is some other way of doing this but it isn't looking good.

James Yeomans BSc, MCSE

I think windows IAS (not ISA) will do this, its windows implementation of

Rahisuddin Shah

When you configure Radius server and make RRAS a client of that server, RRAS
server does not accept whatever policies you configure on RRAS. You need to
configure policies on your Radius server. I dont know which Radius server
you are using but if you use IAS you can figure out policy which will allow
only rdp connection.
Is there any reason not use Windows IAS server? I will recomment to use it.

Please go through this article:


Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question