Configuration of the Windows 2003 RADIUS Server

In our example, a Windows 2003 RADIUS server is used for advanced IPSec authentication (XAuth). Internet Authentication Service (IAS) must be installed on this server. The RADIUS server accesses the Microsoft Active Directory Service and uses Windows logon data for advanced IPSec authentication (XAuth).

Internet Authentication Service

In the Microsoft Management Console Internet Authentication Service the R3000 must be created in the New RADIUS Client submenu as a RADIUS client. Enter the designation and IP address of the VPN gateway.

New RADIUS Client

Here, the password for RADIUS communication (e.g. bintec elmeg ) is saved.

Password

Then, a new policy is created in the New Remote Access Policy Wizard.

Policy Name

When creating the Remote Access Policy, conditions to which this dial-in policy shall apply must be saved. In our example, the corresponding client provider is saved. For example, it would also be possible to save a specific time-span during which the dial-in policy should be used.

Policy Conditions

The dial-in policy should allow VPN access or access to the network. For this, enable Grant remote access permission .

Permissions

The other steps for creating a new dial-in policy can be taken over, as shown in the following steps.

Profiles

Dial-in constraints

Authentication

Encryption

New remote access policy wizard

Via user administration of Active Directory Services there is the option of allowing, or preventing, VPN dial-in per user.

dial-in