VPN using EAP Authentication

  • From: "Nitin (Indigo)" <nagarwal@xxxxxxxxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Thu, 8 Aug 2002 00:45:06 +0530

Hi Everyone
 
I am trying to set up a VPN server on ISA server using EAP (certificate-based).
I have set up the RAS server to allow only EAP authentication and
also Remote Access Policies to allow EAP authentication (Smart Card or
other Certificate). My ISA server has got a Server Certificate from an
Enterprise CA authority on the domain.
 
My client also has got a user certificate from the same CA (the user
here is a domain user). Client also has got a server certificate from
the same CA. Now I make a VPN connection that uses only EAP
authentication - I select the following:
 
"Security (tab)
 
Advanced (custom settings)
Use of these settings requires a knowledge 
Of security protocols"
 
Then under settings for this option, I select:
 
"Data Encryption
Require encryption (disconnect if server declines)
 
Logon Security
Use Extensible Authentication Protocol
            Smart Card or other Certificate (encryption enabled)
"
 
then under Properties:
 
"Use a certificate on this computer
 
Validate server certificate
 
Trusted root certificate authority
XXXXX
"
 
Now when I connect, the first dialog is as expected "Connecting to
xxx.xxx.xxx.xxx"
Then comes "Verifying Username and Password ..."
And after some time an error comes:
 
"Disconnected
Error 619: The port is not connected"
 
If, however, I use MS CHAP V2, connection goes through perfectly. Also
if I am logged on to the domain and then make the VPN connection to the
ISA server (by giving its external interface IP) EAP works fine and in
the connection properties I see "Authentication: EAP". What is puzzling
me is that when I make a VPN connection using EAP from a PC not on the
domain, I get a pop-up asking me to select a certificate and that's all.
It then tries to make connection to the VPN server. Where does the
Username and Password come in that case?
 
I have been trying all possible configurations for quite some time but
couldn't make it work. Help wanted desperately!
 
Thanks
Nitin
 
