This is often recommended over providing full network
access to VPN clients. This way, if someone's account is compromised by an unauthorized
user, that user can access only a small number of services, rather than the
entire network.
Utilizing RADIUS Authentication for VPN Connections
In many cases, it may not be feasible to grant the ISA server domain membership. In these
cases, ISA can still perform authentication of VPN users using the industry-standard
Remote Access Dial-Up Service (RADIUS). Microsoft's Internet Authentication Service (IAS),
which provides RADIUS authentication against Active Directory user accounts, is
included with Windows 2000 Server and Windows Server 2003. On a
Microsoft-based network, this allows stand-alone servers to authenticate domain users without
requiring that they be domain members. For additional information on the RADIUS protocol,
review RFC 2865 on the IETF website:
http://www.ietf.org/rfc.html
NOTE
Any RADIUS-compliant software, including third-party offerings, can be used by ISA to
authenticate users. This can be a useful way to extend ISA to take advantage of existing
investment within an organization.