I've had the problem that users could enter their own IP address and dial in
with possible network errors as a result (when they would enter the IP
address of the mailserver or dns etc...duplicate IP-address ;-))
I've found a way the prevent this with CiscoSecure 2.1 (wich we run as an
AAA-platform) by specifying a POOL in the dialog-box for a certain
group...the problem now is this :
User can dial into different NAS'ses located in different cities...all
locations use different POOLS and so since all users are grouped in
CiscoSecure I have a pool problem:
Suppose UserA is in a CiscoSecure group General_Users and this group *MUST*
use Pool A
Pool A (city A) : 192.168.200.0
Pool B (city B) : 192.168.201.0
When UserA dials into the NAS, suppose he get 192.168.200.1 ... all works
When he/she is on the move and dial into the other NAS in CityB he/she STILL
gets a Pool A address because of the CiscoSecure GROUP that userA is related
How can you solve such problems ???
We want our user to be able to dial into ANY NAS, but *NOT* be able to use
own IP-address...so they have to be "rejected" on dialin...
Any ideas ???