In article , Paolo Bresi wrote:
:as VPN server i use windows 2000 server. it works great, but unfortunately
:it shows all hosts in my LAN. i have different kinds of VPN users. some
:users should see only one host/server into the LAN. other users can see
:everything.
:have you idea how to solve this problem?
Sorry, this is not a general newsgroup about firewalls, such as comp.security.firewalls -- this is a newsgroup for Cisco equipment, including [along with routers and switches] Cisco's VPN servers, Cisco's PIX firewall line, and Cisco's IOS IPSec implementations. Solutions to Windows 2000 as a firewall -server- are generally beyond the expertise of this newsgroup. You might get lucky and have someone here -happen- to know, but you might also not get a response for a few years...
If you were working with Cisco's security products, then there would be a couple of approaches you could use. One would be to use different vpn groups for each of the kinds of users; each vpn group has its own ACL assigned. Another approach within Cisco's products would be to use "downloadable ACLs" from a RADIUS server.
I have no information as to whether Windows 2000 VPN server supports anything remotely close to the approaches you would take with Cisco.