Checking through the logs of our RRAS I am seeing lots of failed connections from particular IP addresses attempting to connect via VPN.
I have a policy set up that only allows connections from user accounts that are members of a security group. I know this should be sufficient but I don’t want any of the bogus attempts to successfully access our network due to a lucky name/password combination.
I have had a quick look through the various options for setting up policies in NPS but cannot see one that allows straight-forward blocking of an IP, or blocking based on membership of a blacklist.
This is set up on a Windows Server 2012 Standard Edition member server.