5. Enter and confirm a shared secret in the field provided. This shared secret is entered
again at a later point to encrypt the communications between the ISA server and the
IAS server.
6. Enable the Request Must Contain the Message Authenticator Attribute option.
7. Click Finish to close the window. The newly configured RADIUS client is displayed
in the Details pane.
FIGURE 9.10 Registering the IAS in Active Directory.
2. Right-click Internet Authentication Service (Local) and select Register Service in
Active Directory from the context menu, as shown in Figure 9.10.
239
9
Utilizing RADIUS Authentication for VPN Connections
FIGURE 9.11 Setting up the ISA server as an IAS client.
NOTE
The shared secret is used to encrypt specific information sent between the RADIUS
server and RADIUS client. The shared secret is also used to verify the integrity of the
data and make sure it is not modified during transmission. Because the key is used to
encrypt the data between the client and server, it is highly recommended to use a shared
secret key with at least 22 characters consisting of a random combination of alphanumeric
and special characters, and optimal to use a key with 128 random characters.
Pages:
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426