The Group Access Policies folder under Receiver Connection Profiles provides options for configuring point-to-point connection parameters that apply to a group of remote users. It applies only to those point-to-point connections that originate from a remote system and are received by the local system.
To configure a new group access policy, follow these steps:
The multilink configuration specifies that you want to have multiple physical lines join together in a bundle. The maximum number of lines per bundle can be between 1 and 6. Because you do not know the type of line setting until a connection is made, the default value is always 1. The group policy can be used to extend or limit the Multilink protocol's capabilities for a specific user.
Maximum links per bundle specifies the maximum number of links (or lines) that you want to become the one logical line. The maximum number of lines cannot be greater than the number of free lines when this group policy is applied to a session for a PPP profile.
Check Require bandwidth allocation protocol if you want to specify that a connection is established only if the remote system supports the Bandwidth Allocation Protocol (BACP). If BACP cannot be negotiated, only a single link is allowed.
Allow remote system to access other networks (IP forwarding). This option specifies whether you want IP forwarding. If you select this option, you are essentially enabling the system to act as a router for this connection. This allows IP datagrams not destined for this system to pass through this system onto a connected network. If you leave this option blank, the IP discards those datagrams from the remote system that are not destined for any addresses local to this system.
There might be security reasons why you do not want to allow IP forwarding. In contrast, an ISP generally provides IP forwarding. Note that this takes effect only if system-wide IP datagram forwarding is enabled; otherwise, it is ignored even if marked. System-wide IP datagram forwarding can be displayed from the General tab on the IPv4 Properties page.
Request TCP/IP header compression (VJ). This option specifies whether you want IP to compress header information after it establishes a connection. Compressing typically increases performance, particularly for interactive traffic or slow serial lines. Header compression follows the Van Jacobson (VJ) method defined in RFC 1332. For PPP, compression is negotiated when the connection is established. If the other end of the connection does not support VJ compression, the system establishes a connection that does not use compression.
Use IP packet rules for this connection. This option specifies whether you want to apply a filter rule for this group policy. Filter rules control the IP traffic in your network. You can use this IP packet filtering component to protect your system by filtering packets according to the rules that you specify. The rules are based on packet header information.
You can apply a group policy to a remote access user when you complete the point-to-point properties for a new receiver connection profile.
To apply a group policy to a remote access user...
For security purposes, it is suggested that you do not use the same password for a user defined for Challenge Handshake Authentication Protocol 22314 (CHAP), Extensible Authentication Protocol (EAP), and Password Authentication Protocol (PAP).