Depending on the level of comfort desired, the shared secret should be periodically
changed, more often if the network segment between the ISA VPN server and the IAS
server is not completely trusted. This ensures that anyone who captures the traffic
does not have enough time to crack the key by way of a brute force attack before it has
been changed. As an additional level of security, IP Security (IPSec) encryption using
machine certificates is recommended.
Establishing IAS Remote Access Policies
After the RADIUS client information has been created, the RADIUS server must be configured
to allow VPN connections. IAS allows for the creation of Remote Access Policies that
allow specific types of VPN connections to be made. These Remote Access Policies also
allow for specific users or groups to be granted access.
240 CHAPTER 9 Enabling Client Remote Access with ISA Server 2006 VPNs
NOTE
Whether using domain-based or RADIUS authentication, it is best practice to create an
Active Directory group that will be used to grant access to VPN. Granting VPN access
then becomes as simple as adding a user as a member of that group.
To create a Remote Access Policy, perform the following from the server running IAS (not
the ISA server):
1.
Pages:
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427