Hi All
> Sorry for the incomplete mail. I have a mail server and a couple of
> application servers inside my network. The RAS and VPN user ID and
> passwords are same. I want to restrict the user, once he is connected
> to VPN, to only use the mail and only one application server. Rest of
> the network must be denied to the user.

One, you completely ignored my answer:

> >What resources, and how will you recognize the two classes of users?
> >Answer those two questions via RADIUS attributes, and you have what
> >you want.

Two, now that you've explained it in a little more detail, what you want is *routing* or *firewall* restrictions. I suggest reading the documentation for your router/firewall to see how they implement it.

I understand that this can be done using RADIUS attributes using Framed-Filter-Id. Here are my configs.

Huntgroups File:
===============
ras     NAS-IP-Address == 100.200.300.400
ras     NAS-IP-Address == 10.10.1.2
        User-Name = mahesh
        User-Name = kudva

Users File:
============
mahesh  User-Password == "kudva", Huntgroup-Name == "ras"
        Service-Type = Framed-User,
        Framed-Protocol = PPP
        Framed-Filter-Id == "std.in"

std.in file:
============
deny ip 10.10.1.3

Is there a specific syntax for the file?

Also, wireless clients inside the organization will have to be authorized in a similar fashion.

Regards & Thanks
================
Mahesh S Kudva
-------------------------------------------------------
Robosoft Technologies - Partners in Product Development