locked
Windows AD as a VPN RAIDUS server RRS feed

  • Question

  • I am setting up a Cisco ISR router to authenticate the VPN users against AD. I have the Cisco setup from their website, and I see the configuration for Win2003 server on the site. I know this is mostly correct, I had to make some changes on the server side to make this work correctly.  I am wondering if anyone out there has set this up with Windows Server 2008. I am specifically looking for the settings on the Windows server, not the Cisco.  

    I already made my domain controller the Network Policy server and have allowed my users access through their user accounts. I am setting up the Access Policy and this is where my confusion is, as 2008 is very different then 2003.  

    If you would like to look at the settings for the server on the Cisco Site, you can view it here: http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00806de37e.shtml

    Any pointers on how to configure the Windows 2008 server would be very appreciated.

    Thank you. 
    Scotty
    Tuesday, October 28, 2008 3:44 PM

Answers

  • Hi Scotty,

    In the link you provided, under the Microsoft Windows 2003 Server with IAS Configuration section, step 2 discusses configuring the Connections to Other Access Servers policy. This policy is included in NPS also. Access permission by default is set to Deny access, so I believe the link is telling you to modify this to Grant Access. Then, there are instructions to set authentication methods which is on the constraints tab. I don't see anything that indicates settings are used on conditions tab, so you should be able to leave this with the default settings.

    I'm not familiar with this VPN server though so I'm not positive about the configuration. I'm just going off what the instructions say in the link you provided.

    -Greg

    Tuesday, October 28, 2008 10:50 PM

All replies

  • Hi Scotty,

    Remote Access Policies are now called Network Policies in NPS. What step in particular is giving you trouble?

    -Greg
    Tuesday, October 28, 2008 8:09 PM
  • Hi Greg,

    I see where to setup RADIUS clients, and how to configue the shared secret. The Network Policy is where my confusion lies.  Under the "settings" tab, Under the RADIUS Attributes, are there any Standard or Vendor Specific information that I need to put in?  I am not totally sure if I need any of those settings.

    Thank you,


    Scotty
    Tuesday, October 28, 2008 10:37 PM
  • Hi Scotty,

    In the link you provided, under the Microsoft Windows 2003 Server with IAS Configuration section, step 2 discusses configuring the Connections to Other Access Servers policy. This policy is included in NPS also. Access permission by default is set to Deny access, so I believe the link is telling you to modify this to Grant Access. Then, there are instructions to set authentication methods which is on the constraints tab. I don't see anything that indicates settings are used on conditions tab, so you should be able to leave this with the default settings.

    I'm not familiar with this VPN server though so I'm not positive about the configuration. I'm just going off what the instructions say in the link you provided.

    -Greg

    Tuesday, October 28, 2008 10:50 PM
  • Thanks Greg.  You gave me what I was looking for.  I will work with it, and call Cisco if I need more help. I appreciate the answers.
    Scotty
    Tuesday, October 28, 2008 11:06 PM