Setup guidelines to install SBS-Radius (to control IPSec VPN Firewa

Discussion in 'Windows Small Business Server' started by Juha, Nov 20, 2008.

  1. Juha

    Juha Guest

    Hi

    I have a working SBS 2003 network where Remote File Access is established by
    IPSec VPN Firewall (and IPSec VPN Client SW). There is also one FW to FW
    IPsec VPN tunnel for Remote Office. We also use self signed certificates for
    e.g. Remote Mail.

    The problem is that IPSec VPN Clients (laptops) need to have credentials to
    FW too. I suppose if I make the FW a Radius Client to SBS server the
    credentials are integrated and we don't need to have credentials for both the
    SBS server and FW.

    Do you have any hints on how to install Radius on the SBS server? I have once
    tested it but ended up with difficulties with certificates. I suppose the
    problem was that the instructions I followed weren't exactly the same as my
    test scenario or my test system was too messed up from previous testing.

    Thanks in advance,

    Juha
     
    Juha, Nov 20, 2008
    #1

  2. Hello,

    Thank you for posting here.

    According to your description, I understand that:

    You want the firewall that acts as the IPsec VPN server (for remote access
    and site-to-site connection) to have integrated authentication with the SBS
    server AD by RADIUS.

    If I have misunderstood the problem, please don't hesitate to let me know.

    Suggestions:
    =========================
    For a VPN server (remote access server), it is a good practice to make it a
    RADIUS client of the Windows IAS for integrated authentication and
    accounting.

    To configure the firewall as the RADIUS client of the Windows IAS, the
    configuration is simple, and it differs between firewalls from multiple
    vendors. For example, for a Cisco IOS router you may refer to:

    Configuring IPSec Between a Cisco IOS Router and a Cisco VPN Client 4.x for
    Windows Using RADIUS
    http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800949ba.shtml

    From the description, I think you got stuck with the certificate for
    securing the traffic by IPsec between the RADIUS server and the RADIUS
    client. For more related information, you may refer to:

    Dial-up and VPN remote access
    http://technet.microsoft.com/en-us/library/cc782585.aspx

    Implementing Your IAS Solution
    http://technet.microsoft.com/en-us/library/cc787513.aspx

    Hope this helps. Also, if you have any questions or concerns, please do not
    hesitate to let me know.




    Best regards,
    Miles Li

    Microsoft Online Partner Support
    Microsoft Global Technical Support Center

    Get Secure! - www.microsoft.com/security
    =====================================================
    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.
    =====================================================
    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Miles Li [MSFT], Nov 21, 2008
    #2

  3. Juha

    Juha Guest

    Thanks Miles

    I confirm that you have understood my problem correctly. I believe that I'm
    capable of setting up the FW to be a RADIUS client for the WIN RADIUS Server.
    The rest (majority) is my problem.

    I am now investigating your links. At first look the task seems pretty
    tricky. Wonder if I have courage enough to implement this in our company at
    first...

    Thanks again.

    Juha
     
    Juha, Nov 26, 2008
    #3
  4. Hello Juha,

    Please take your time to perform the task. If you have any further
    questions or concerns, please do not hesitate to let us know.

    Best regards,
    Miles Li

    Microsoft Online Partner Support
    Microsoft Global Technical Support Center

    Miles Li [MSFT], Dec 1, 2008
    #4
  5. Cris Hanna [SBS MVP], Dec 1, 2008
    #5
