IAS Server

Discussion in 'Server Setup' started by Mike, Aug 27, 2003.

  1. Mike

    Mike Guest

    Hey all,

    I am currently using IAS to authenticate our VPN connections from our PIX.
    I added another client (my backbone switch) to the IAS and another Access
    Policy. When I try and authenticate myself from the switch, it does not let
    me pass unless I change the order of the 2nd policy specifically for the
    switches and put it first, then it lets me logon.

    Is there any way I can use more than one client and multiple access policies
    to isolate each client to a specific policy.

    thanks all,

    Mike, Aug 27, 2003
    1. Advertisements

  2. yes
    what you need to make sure of is that the client that is trying to connect
    does not match a previous policy. so let s say you have 3 policies based on
    windows group conditions, the first one based on group1, the second on group
    2 and the third on group 3
    if user Joe is a member of group 1 and 3, and he tries to authenticate he
    will match the first policy and authenticate using it.

    the problem you are seeing must be that you first policy is more restrictive
    so when you VPN from the switch you will match the first one and get denied

    try to put the broader policy last and the more restrictive and more "
    defined" policy first

    let me know if I can help more


    This posting is provided "AS IS", with NO warranties and confers NO rights

    Upcoming Event: Tech Chat about "Secure Wireless authentication using IAS,
    PEAP and EAP"
    on September 25th at 10AM PT
    Wajihy [MSFT], Aug 27, 2003
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.