RE: VPN on ISA 2004 Server with Radius

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 14 Sep 2004 08:15:42 -0500

Hi William,

Did you create a custom RAP for your remote access clients?

Is the ISA firewall a member of the domain? It must be, since you are
using Windows auth, unless you are testing with accounts in the local
SAM.

What VPN protocol are you using and what PPP authentication method?

Thanks!
Tom

-----Original Message-----
From: William Holmes [mailto:wtholmes@xxxxxxxxxxxxxx] 
Sent: Monday, September 13, 2004 2:32 PM
To: [ISAserver.org Discussion List]
Cc: radiator@xxxxxxxxxxx
Subject: [isalist] VPN on ISA 2004 Server with Radius

Hello,

I know I have asked this question in part before:

I have an ISA2004 Server on Windows 2003 set up as a VPN server. When
authenticating with Windows Authentication it works fine. However, when
using RADIUS authentication I receive an error on the client. The error
is:

Error 742: The remote computer does not support the required data
encryption type. 

If I clear the Require data encryption (disconnect if none) checkbox on
the Security tab on the client side, the connection is made without a
problem.
This obviously is not an acceptable solution, as without encryption a
VPN becomes a VN.

The RADIUS response packet should be telling the RRAS server to use
encryption and what types are available. My question is which attributes
need to be returned to the RRAS server from the RADIUS server in order
to set up the connection correctly.

I am using a third party RADIUS server (Radiator Radius). I have it
returning the following additional attributes:

MS-MPPE-Encryption-Policy = "Encryption-Required"
MS-MPPE-Encryption-Types = "Encryption-Any"

Interestingly enough, if I add MS-MPPE-Encryption-Policy =
"Encryption-Required", the client connection will fail if the Require data
encryption (disconnect if none) checkbox is cleared. I believe that this
indicates that there is correct attribute flow between my RADIUS server
and the RRAS server on ISA. The question is what additional attributes
are required.

Is there a reference on this anywhere? I have looked on TechNet and MSDN
as well as Google.

Thanks

Bill

William Holmes (MCP)
Department of Computer Science
310 Upson Hall
Cornell University
Ithaca, NY 14853
wtholmes@xxxxxxxxxxxxxx
607 255-1757 (o) 607 227-6049 (c)
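
Added example, not part of the original thread or of either poster's configuration: a small decoder that lists the Microsoft vendor-specific attributes (RFC 2548, vendor ID 311) actually present in a RADIUS Access-Accept, so the attribute flow to the RRAS server can be checked from a packet capture. The sample packet is constructed, and the value 6 for "Encryption-Any" (both the 40-bit and 128-bit bits set) is an assumption about how the server's dictionary encodes that name.

```python
import struct

MS_VENDOR_ID = 311  # Microsoft vendor ID used by the RFC 2548 attributes
MS_NAMES = {7: "MS-MPPE-Encryption-Policy", 8: "MS-MPPE-Encryption-Types",
            16: "MS-MPPE-Send-Key", 17: "MS-MPPE-Recv-Key"}
POLICY = {1: "Encryption-Allowed", 2: "Encryption-Required"}

def decode_types(value):
    """RFC 2548 bitmask: 0x2 = 40-bit RC4 (L bit), 0x4 = 128-bit RC4 (S bit)."""
    return [name for bit, name in ((0x2, "RC4-40"), (0x4, "RC4-128")) if value & bit]

def microsoft_vsas(packet):
    """Return {attribute name: decoded value} for Microsoft VSAs in a RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than a RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    found, pos = {}, 20  # attributes start after the 16-byte authenticator
    while pos + 2 <= length:
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute at offset %d" % pos)
        body = packet[pos + 2:pos + alen]
        pos += alen
        if atype != 26 or len(body) < 6:  # 26 = Vendor-Specific
            continue
        if struct.unpack("!I", body[:4])[0] != MS_VENDOR_ID:
            continue
        sub = body[4:]
        while len(sub) >= 2:  # one VSA may carry several sub-attributes
            vtype, vlen = sub[0], sub[1]
            if vlen < 2 or vlen > len(sub):
                raise ValueError("malformed vendor sub-attribute")
            data, sub = sub[2:vlen], sub[vlen:]
            name = MS_NAMES.get(vtype, "MS-%d" % vtype)
            if vtype == 7 and len(data) == 4:
                number = struct.unpack("!I", data)[0]
                found[name] = POLICY.get(number, number)
            elif vtype == 8 and len(data) == 4:
                found[name] = decode_types(struct.unpack("!I", data)[0])
            else:
                found[name] = data  # left undecoded (key attributes are encrypted)
    return found

def vsa(vtype, data):
    """Build one Microsoft Vendor-Specific attribute (helper for the sample only)."""
    inner = bytes([vtype, len(data) + 2]) + data
    return bytes([26, len(inner) + 6]) + struct.pack("!I", MS_VENDOR_ID) + inner

# Constructed Access-Accept (code 2) with a zeroed authenticator, not a real capture.
ATTRS = vsa(7, struct.pack("!I", 2)) + vsa(8, struct.pack("!I", 6))
SAMPLE = struct.pack("!BBH", 2, 1, 20 + len(ATTRS)) + bytes(16) + ATTRS
```

Calling `microsoft_vsas()` on the raw UDP payload of a captured Access-Accept shows which of these attributes the RADIUS server really returned.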
 
