RE: VPN clients, IAS proxy, remote radius server groups and ISA 2004

  • From: "Thomas W Shinder" <tshinder@xxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Tue, 4 Jan 2005 07:38:53 -0600

Hi Martjin,
 
Is the ISA firewall/IAS server installed on Win2k?
 
Thanks!
 
Tom
www.isaserver.org/shinder
Tom and Deb Shinder's Configuring ISA Server 2004
http://tinyurl.com/3xqb7
MVP -- ISA Firewalls

 

________________________________

From: Martijn de Vries [mailto:martijnv@xxxxxxxxxxxxxxx] 
Sent: Tuesday, January 04, 2005 3:56 AM
To: [ISAserver.org Discussion List]
Subject: [isalist] VPN clients, IAS proxy, remote radius server groups
and ISA 2004



Hello,
 
With ISA 2000 it was possible to authenticate VPN clients on two
different domains. The method I used for this depended on a feature in
IAS of Windows Server 2003 called Remote radius server groups.
 
On the ISA Server I installed the IAS Service and configured the remote
radius server groups for the different domains, the ISA/RRAS server
authenticated vpn clients against the IAS service on the local machine,
the local IAS service proxied the requests to the correct IAS service.
 
With ISA 2004 it is possible to make the same configuration, however all
authentication requests will fail. The IAS service on the ISA server
logs an event with source IAS and ID 3. Description includes "Access
request for user DOMAIN\userid was discarded." and "The request was
discarded by a third-party extension DLL file.".
 
My best guess is that the ISA Quarantine feature makes use of a special
extension DLL which is incompatible with remote radius server groups.
Local authentication works fine, but is a little useless on a standalone
server.
 
Can someone comment on this, perhaps from the development team. Maybe
this is an unsupported configuration (which unintentionally worked with
ISA 2000), maybe this can be fixed with an update. Or perhaps there is
another way to get the same results.
Are there others with the same problem?
 
Sincerely,
 
Martijn de Vries

