Connection Attempt Processing

To process a connection attempt, the parameters of the connection attempt are compared to the user name, password, and dial-in properties of the user account and the configured remote access policies.

Some general characteristics of remote access connection attempt processing are:

• If a connection attempt does not use a valid user name and password, then the connection attempt is denied.

• If there are no configured policies, then all connection attempts are denied.

• If the connection attempt does not match any of the remote access policies, then the connection attempt is denied.

• If the remote access permission of the user account for the remote access user is set to Deny Access , the connection attempt is always denied for that remote access user.

• The only time that a connection attempt is allowed is when it matches the conditions of a remote access policy, and remote access permission is enabled either through the dial-in properties of the user account or through the remote access permission of the remote access policy (assuming the user's remote access permission is set to control access through remote access policies), and the parameters of the connection attempt match or conform to the parameters and conditions of the dial-in properties of the user account and the remote access policy profile properties.

Figure 7.15 depicts the specific processing of remote access connection attempts using the dial-in properties of the user account and remote access policies. Figure 7.15 assumes that the user name and password sent during the authentication process match a valid user account.

Figure 7.15 Connection Attempt Processing