(RADIATOR) VPN on ISA 2004 Server with Radius

[William Holmes]

Hello,

I know I have asked this question in part before:

I have a ISA2004 Server on Windows 2003 setup as a VPN server.  When
authenticating with Windows Authentication it works fine. However when using
RADIUS authentication I receive an error on the client. The error is:

Error 742: The remote computer does not support the required data encryption
type. 

If I clear the Require data encryption (disconnect if none) Checkbox on the
Security Tab on the Client side. The connection is made without a problem.
This obviously is not an acceptable solution as with out encryption a VPN
becomes a VN.

The radius response packet should be telling the RRAS server to use
encryption and what types are available. My question is which attibutes need
to be returned to the RRAS server from the RADIUS server in order to set up
the connection correctly. 

I am using a third party RADIUS server (Radiator Radius). I have it returning
the following additional attributes:

MS-MPPE-Encryption-Policy = "Encryption-Required"
MS-MPPE-Encryption-Types = "Encryption-Any"

Interestingly enough if I add MS-MPPE-Encryption-Policy =
"Encryption-Required". The client connect will fail if the Require data
encryption (disconnect if none) Checkbox is cleared. I believe that this
indicates that there is correct attibute flow between my RADIUS server and
the RRAS server on ISA. The question is what additional attributes are
required.

Is there a reference on this anywhere. I have looked on technet and msdn as
well as Google.

Thanks

Bill

William Holmes (MCP)
Department of Computer Science
310 Upson Hall
Cornell University
Ithaca, NY 14853
wtholmes at cs.cornell.edu
607 255-1757 (o) 607 227-6049 (c)
 

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.