HOME
Technology
Life
Discover science
Medicine - Health
Event
EntertainmentInstalling and configuring the 2004 ISA Server Firewall - Chapter 3
CHAPTER 3: Install and configure Microsoft Internet Authentication Service
Microsoft Internet Authentication Server (IAS) is a standard of RADIUS (Remote Authentication Dial In User Service ) server used to authenticate Users connecting to the ISA Server 2004 Firewall machine.You can use IAS to authenticate Web Proxy clients on Internal Network or VPN clients, VPN gateways that are connecting from an External Network location (for example, from a branch office of the company).Alternatively, RADIUS authentication for remote users can be used when these objects connect to Web servers published through Web Publishing rules on ISA Server 2004.
The main advantage of using RADIUS to authenticate Web proxies and VPN connections is SA Server 2004 Firewall computers do not need to be members of Active Directory Domain to authenticate Users, when the accounts of these Usrs are in Active The database directory belongs to the Internal Network.Many Firewall administrators recommend that the Firewall Computer not be a member of the Domain User .Because this can prevent Attackers from entering the Firewall, and thereby gain the Domain Member rights from this Firewall, extend the attack direction to the Internal Network.
However, the major drawback to not having ISA Server 2004 Firewall as a member of the Internal Network domain is that we will not be able to use the ISA Firewall Client to provide legitimate authentication to ISA Server when these Firewall Clients access All TCP and UDP protocols.For this reason, we will create an ISA Server 2004 Firewall computer as a member of the Internal Domain.However, if you do not join the firewall to the domain, you can still use IAS to authenticate VPNs and Web Proxy clients.
The next work will be:
Install and configure Microsoft Internet Authentication Service
Microsoft Internet Authentication Service server is a RADIUS server.We will use this RADIUS server in the following sections of this tutorial (enable RADIUS authentication for Web Publishing Rules and learn how a RADIUS server authenticates PN clients)
Perform the following steps to install Microsoft Internet Authentication Server on domain controller EXCHANGE2003BE on the Internal Network:
1. Click Start , Control Panel . Click Add or Remove Programs .
2. In Add or Remove Programs , click Add / Remove Windows Components
3. On the Windows Components page, scroll down to Components list and select Networking Services entry. Click Details.
4. Check Internet Authentication Service checkbox and click OK.
5. Click Next on the Windows Components page.
6. Click Finish on the Completing the Windows Components Wizard page.
7. Close Add or Remove Programs
Next we will configure Internet Authentication Service
Configuration of Microsoft Internet Authentication Service
You need to configure the IAS server properly to work with the ISA Server 2004 Firewall computer.At this point, we will configure the IAS Server to work with ISA Server 2004 Firewall.The firewall will then be configured to communicate with the IAS server.
Follow these steps with the domain controller on the Internal Network to configure the IAS server:
1. Click Start , Administrative Tools. Click Internet Authentication Service.
2. In Internet Authentication Service console, expand Internet Authentication
Service (Local) node. Right click on RADIUS Clients node and click New RADIUS
Client.
3. On the Name and Address page of the New RADIUS Client wizard , fill in the Friendly-name of ISA Server 2004 Firewall computer in the Friendly name text box. Simply, this name is used to identify the RADIUS client and is not used for operational purposes. Fully insert FQDN name ( EXCHANGE2003BE. MSFIREWALL.ORG ) , or the IP address of ISA Server 2004 Firewall computer in Client address (IP or DNS) text box.
4. Click Verify . In the Verify Client dialog box, the FQDN- fully qualified domain name of ISA Server 2004 Firewall computer will appear in the Client text box. Click Resolve . If the RADIUS server can resolve the Name, the IP address will appear in the IP address frame . If the RADIUS server cannot resolve the IP Address name, this should be noted to the Admin that the hostname of the ISA Server 2004 Firewall has not been created in the DNS server (no record has been created for the Server). If this is the case, you can give two solutions: Create A Record for ISA Server on the DNS server installed on the Domain controller, or you can use IP address on the Internal interface ( 10.0.0.1 ) of the ISA Server 2004 Firewall in Client address (IP and DNS) text box belongs to Name or Address page (mentioned above). Click OK in the Verify Client dialog box.The purpose of the settings in this section is to turn the ISA Server 2004 Firewall into a RADIUS Client, then keep the RADIUS server and the RADIUS Client ready to collaborate.
5. Click Next on the Name and Address page of the New RADIUS Client wizard.
6. On the Additional Information page of the wizard, use the default Client-Vendor entry, the standard of RADIUS. Enter a password in the Shared secret text box and confirm this password . The secret password is shared (only the ISA Server 2004 Firewall and RADIUS server), and use this "signal" to work together. Shared Secret contains at least 8 characters (both mixed and normal, numbers and special characters .). Check to Request must contain the Authenticator attribute check box.Click Finish.
7. You should now see the New RADIUS client entry appear on the console
8. Close Internet Authentication Service console.
The next configuration on ISA Server 2004 Firewall to recognize its partner is the RADIUS server, the configuration will be carried out through this ISA Server 2004 Firewall and RADIUS server administration interface to take on the role of authentication. bridges from the Web and VPN clients.
Conclude:
In this chapter we mentioned the Microsoft Internet Authentication Server, how to install and configure an IAS server on the Domain controller of the Internal Network domain.In the next section of the tutorial, we will use this IAS server to authenticate external requests (incoming requestst of Web / VPN Clients) to access the Web / VPN server.
( Please read Chapter 4 .)
Previous chapter:
Installing and configuring the 2004 ISA Server Firewall - Chapter 2 Installing Certificate Services
Ho Viet Ha - Owner
Network Information Security Vietnam, Inc.
http://nis.com.vn
Email: networksecurity@Nis.com.vn
- Installing and configuring the 2004 ISA Server Firewall - Chapter 4
- Installing and configuring the 2004 ISA Server Firewall - Chapter 2 Installing Certificate Services
- How to protect DNS server from hackers
- Use a firewall (Firewall) to protect your computer
- 15 interesting questions about Firewall
- Vista will have a 'two-way firewall'
- ISG 1000 - Security tool for large and medium enterprises
- Arising a serious flaw in Macromedia products
- Free firewall for low-configuration machines
- Chinese firewalls generated serious flaws
- Microsoft introduced commercial server software
- Information security - Where to start?
What is the Snapdragon SiP chip?
How to create a yellow circle around the mouse cursor on Windows
Edit the Boot.ini file in Windows XP
3 ways to restart the remote computer via the Internet