I am currently trying to set up a Network Connect policy so that users in one of my roles can only access a predefined list of IP addresses. I'm having issues trying to get that set up in Resource Policies --> Network Connect --> Network Connect Access Control.
I created a new profile with the IP addresses that they are allowed to access and applied it to the correct role, but I can still access other resources on our network that are outside of that scope when I log in as a user.
First you should check the box at the Role Mapping page to stop the role evaluation once a specific role is met - this should "stop" the role NC overlapping.
I figured out what I was doing wrong. Thanks guys for your help.
The original Network Connect policy, which was configured for *.* or all resources, was interfering with my newly created policy that allowed users to access a scope of IP addresses.
I created a deny all policy just below that so that the initial Network Connect policy would not interfere with the newly created policy. Then I assigned it to the newly created role and put the policy as the first in the order of precedence, and voilà, it worked.
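
A simplified model of the ordering problem described in this thread, added as an example; it is not part of the original posts and is not the product's own evaluation engine. It assumes top-down, first-match evaluation, and the role names, policy names and addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    name: str
    roles: frozenset   # role names; an empty set means "all roles"
    networks: tuple    # destination CIDR strings
    action: str        # "allow" or "deny"

def evaluate(policies, role, dest):
    """Return (action, policy name) of the first policy matching role and dest."""
    ip = ipaddress.ip_address(dest)
    for p in policies:
        if p.roles and role not in p.roles:
            continue  # policy is not assigned to this role
        if any(ip in ipaddress.ip_network(n) for n in p.networks):
            return p.action, p.name
    return "deny", "implicit-default"  # assumption: nothing matched means deny

# Constructed policies mirroring the thread.
ALLOW_ALL = Policy("initial-allow-all", frozenset(), ("0.0.0.0/0",), "allow")
SCOPED = Policy("restricted-scope", frozenset({"restricted"}),
                ("10.1.2.0/24", "10.1.3.10/32"), "allow")
DENY_REST = Policy("restricted-deny-all", frozenset({"restricted"}),
                   ("0.0.0.0/0",), "deny")

BEFORE = [ALLOW_ALL, SCOPED]             # wildcard policy shadows the new one
AFTER = [SCOPED, DENY_REST, ALLOW_ALL]   # scoped allow, role deny-all, then wildcard

def audit(policies, role, probes):
    """Map each probe destination to the decision it receives for this role."""
    return {dest: evaluate(policies, role, dest) for dest in probes}

if __name__ == "__main__":
    probes = ["10.1.2.5", "10.1.3.10", "10.9.9.9"]  # last one is out of scope
    for label, order in (("before", BEFORE), ("after", AFTER)):
        for dest, (action, name) in audit(order, "restricted", probes).items():
            print(f"{label:6} restricted -> {dest:10} {action:5} ({name})")
```

Probing an out-of-scope destination as the restricted role, as the audit function does, is the quick check that the deny-all policy is actually the one being hit.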