Hi William, Did you create a custom RAP for your remote access clients? Is the ISA firewall a member of the domain? It must be, since you are using Windows auth, unless you are testing with accounts in the local SAM. What VPN protocol are you using and what PPP authentication method? Thanks! Tom -----Original Message----- From: William Holmes [mailto:wtholmes@xxxxxxxxxxxxxx] Sent: Monday, September 13, 2004 2:32 PM To: [ISAserver.org Discussion List] Cc: radiator@xxxxxxxxxxx Subject: [isalist] VPN on ISA 2004 Server with Radius http://www.ISAserver.org Hello, I know I have asked this question in part before: I have a ISA2004 Server on Windows 2003 setup as a VPN server. When authenticating with Windows Authentication it works fine. However when using RADIUS authentication I receive an error on the client. The error is: Error 742: The remote computer does not support the required data encryption type. If I clear the Require data encryption (disconnect if none) Checkbox on the Security Tab on the Client side. The connection is made without a problem. This obviously is not an acceptable solution as with out encryption a VPN becomes a VN. The radius response packet should be telling the RRAS server to use encryption and what types are available. My question is which attibutes need to be returned to the RRAS server from the RADIUS server in order to set up the connection correctly. I am using a third party RADIUS server (Radiator Radius). I have it returning the following additional attributes: MS-MPPE-Encryption-Policy = "Encryption-Required" MS-MPPE-Encryption-Types = "Encryption-Any" Interestingly enough if I add MS-MPPE-Encryption-Policy = "Encryption-Required". The client connect will fail if the Require data encryption (disconnect if none) Checkbox is cleared. I believe that this indicates that there is correct attibute flow between my RADIUS server and the RRAS server on ISA. The question is what additional attributes are required. Is there a reference on this anywhere. I have looked on technet and msdn as well as Google. Thanks Bill William Holmes (MCP) Department of Computer Science 310 Upson Hall Cornell University Ithaca, NY 14853 wtholmes@xxxxxxxxxxxxxx 607 255-1757 (o) 607 227-6049 (c) ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx