Web Table 1: Useful Conditions for Remote Access Policies
Condition	Description
Authentication type	Type of authentication that the client has negotiated
Client "friendly" name	VPN server name. In relation to the IAS server, the client—not the user requesting remote access—is the VPN server. You define the VPN server's friendly name through the Internet Authentication Service snap-in on the Settings tab of the RADIUS client's Properties page. This condition and the next one let the IAS server respond differently to specific VPN servers. You can use pattern matching to respond to similarly named servers with the same remote access policy. If you have VPN servers in different areas of your enterprise network, you might need to respond with different profiles for each VPN server.
Client IP address	IP address of the VPN server. You can use pattern matching to specify all VPN servers on a particular subnet.
Day and time restrictions	Lets you specify that the remote access policy applies to specific days and times of the day. Connections outside the specified period won't match the policy.
Tunnel type	Type of tunnel (PPTP or L2TP) the client is requesting. You can use this condition to specify profile settings—such as authentication methods or encryption strengths—differently for PPTP and L2TP.
Windows groups	Lets you limit remote access policies to specific groups of users. You can use groups from AD (which is a best practice) or local groups on the IAS server.