RADIUS configuration for Astaro Secure Gateway

Source: http://www.astaro.org/astaro-gateway-products/vpn-site-site-remote-access/30951-pptp-radius-windows-2008-server-failing.html

CAUSE:
So the default wizard used to set up RADIUS services under Network Policy and Access Servers (2008 R2) created a Virtual Private Network (VPN) Connections policy under 'Connection Request Policies'. The condition was NAS Port Type = Virtual (VPN). It looks like an update to Astaro somewhere between 7.2 and 7.505 or Apple iOS 3.x > 4.0 must have changed information / exchange from the RADIUS client (Astaro) and the RADIUS server (2k8 R2). If you look at the event log you'll see that under NAS: NAS Port-Type: is blank. I bet it previously sent "Virtual (VPN)" as the NAS Port-Type which allowed it to pass through the default VPN wizard policy setup.

SOLUTION:
1. Open NPS MMC on 2008 R2 RADIUS server
2. Browse to Connection Request Policies
2.1. Server Manager/Roles/Network Policy and Access Services/NPS (Local)/Policies/Connection Request Policies:
3. Edit Virtual Private Network (VPN) Connections (Or whatever you named it)
3.1. I renamed mine to ASG L2TP VPN Connections
4. Browse to Overview tab
5. Change Type of network access server from Remote Access Server (VPN-Dial up) to Unspecified
6. Browse to Conditions tab
7. Remove Condition NAS Port Type = Virtual (VPN)
8. Add Condition NAS Identifier = l2tp
9. Add Condition client IPv4 Address = <Astaro IP address> (For Added Security)
10. Apply and close policy
11. Browse to Network Policies
11.1. Server Manager/Roles/Network Policy and Access Services/NPS (Local)/Policies/Network Policies:
12. Edit Virtual Private Network (VPN) Connections (Or whatever you named it)
12.1. I renamed mine to ASG L2TP VPN Connections
13. Browse to Overview tab
14. Change Type of network access server from Remote Access Server (VPN-Dial up) to Unspecified
15. Browse to Conditions tab
16. Remove Condition NAS Port Type = Virtual (VPN)
17. Add Condition NAS Identifier = l2tp
18. Add (if absent) Windows Groups = Active Directory group that allows users to VPN
19. Apply and close policy
20. Test
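
To see why the wizard's condition stops matching while the conditions from steps 8 and 9 match, the following added example (not part of the quoted forum post, and not NPS's own logic) decodes the attributes of a RADIUS Access-Request and evaluates both policies against it. The packet is constructed, `192.0.2.1` stands in for `<Astaro IP address>`, and the two `*_policy_matches` functions are a simplified model that uses exact matching.

```python
import ipaddress
import struct

# RADIUS attribute type numbers from RFC 2865
USER_NAME, NAS_IP_ADDRESS, NAS_IDENTIFIER, NAS_PORT_TYPE = 1, 4, 32, 61
NAS_PORT_TYPE_VIRTUAL = 5  # displayed as "Virtual (VPN)" in NPS


def build_access_request(attrs):
    """Build a constructed Access-Request (code 1) with a zeroed authenticator."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", 1, 1, 20 + len(body)) + bytes(16) + body


def parse_attributes(packet):
    """Return {type: value bytes} from a RADIUS packet, validating lengths."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad length field")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        attrs[a_type] = packet[pos + 2:pos + a_len]
        pos += a_len
    return attrs


def wizard_policy_matches(attrs):
    """Default wizard condition: NAS Port Type = Virtual (VPN)."""
    value = attrs.get(NAS_PORT_TYPE)  # None when the gateway omits the attribute
    return value is not None and int.from_bytes(value, "big") == NAS_PORT_TYPE_VIRTUAL


def revised_policy_matches(attrs, source_ip, gateway_ip):
    """Steps 8 and 9: NAS Identifier = l2tp and client IPv4 Address = gateway."""
    return (attrs.get(NAS_IDENTIFIER) == b"l2tp"
            and ipaddress.ip_address(source_ip) == ipaddress.ip_address(gateway_ip))


GATEWAY_IP = "192.0.2.1"  # placeholder for <Astaro IP address>
# Constructed request with no NAS-Port-Type, matching the blank field in the event log
REQUEST = build_access_request([(USER_NAME, b"alice"), (NAS_IDENTIFIER, b"l2tp")])
```

The client IPv4 condition is what keeps the relaxed policy from matching requests that arrive from any other RADIUS client, since the NAS Identifier is a value the client supplies itself.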
