How to limit IP range access for the TAC VPN

How to limit access to a specific range of IP #'s when using a TAC VPN

Please Note - This procedure can only be done after the TAC VPN is configured and TAC configuration is activated.  Once complete the client will be required to re-establish the VPN connection

  1. On the TAC Gateway server, click Start, click Run, type nps.msc, and then press ENTER.

  2. In the Network Policy Server console tree, open Polices\Network Policies.

  3. In the details pane, double-click the TAC VPN policy or right mouse click and choose Properties.

  4. In the policy properties window, click the Settings tab, and then click IP Filters then under IPv4 click Input Filters


  5. On the Inbound Filters screen click New.

  6. In the Add IP Filter dialog box, select Destination network. Type the destination IP address next to IP address, and then type next to Subnet mask. In the following example, noncompliant TAC client computers are allowed access to the remediation server at

  7. Click OK to close the Add IP Filter dialog box, and then in the Inbound Filters dialog box, select Permit only the packets listed below. See the following example.

  8. Click OK to close the Inbound Filters dialog box.

  9. Click OK to close the TAC VPN Properties Window