Click Next to continue.
11. Review the settings and click Finish.
After the Remote Access Policy is in place, you can change its advanced settings and make
other modifications by double-clicking the policy itself, which displays the options
shown in Figure 9.13.
Examining RADIUS Message Authentication
The RADIUS server and the RADIUS client communicate only with the designated IP
addresses set during the configuration of each device. To prevent IP address spoofing of the
client or server during authentication, the message authentication option is enabled. The
Message Authenticator attribute specifies that an MD5 hash of the entire authentication
message needs to be created, using the shared secret as the key. If the client or server does
not calculate the correct value of the Message Authenticator, communication is dropped.
For additional information, please review RFC 2869, detailing RADIUS extensions.
Be careful when configuring the RADIUS client address with the hostname of the ISA VPN
server. Verify that the IAS server can resolve this name to the internal interface of the ISA
VPN server. If the ISA server is a member of the domain, it may have already registered its
IP address with the internal Active Directory DNS server.