However, after a user is authenticated, anyone else may also access the protected services if they orginate from the same source IP address (NAT'd network). The authentication mechanism is designed to authenticate based on source-ip address only.
Most firewalls track authenticated users based on the client's source IP address. If you need a stronger method, you could always use the Netscreen Remote client software and require a secure tunnel from the clients to get to your protected resources.
-Brian Soby
_________________________________________________________________
The new MSN 8: advanced junk mail protection and 2 months FREE* http://join.msn.com/?page=features/junkmail
