Hi, I'm using a "black hole" setup together with group policies to solve this. This is what I've done:

1. Isolate the connectivity from the VPN-client subnet to none or internet only (if you are using a full tunnel).
2. Create a group policy.
3. Add "override" privileges to this group that match your conditions.

Note that when you use this type of setup you need to administer all incoming connections. I haven't tried this with the LDAP integration module, only with RADIUS, which doesn't support mapping of users into groups in this case.