Re: Which ports opened for ISA 2004 ? Pre-authentication feature, ISA not joined to domain
From: Marlon Brown (marlon_brown_at_hotmail.com)
Date: 11/12/04
Date: Fri, 12 Nov 2004 07:52:28 -0800
Very good!
If I already have Cisco ACS 3.0 (Cisco solution used for our Cisco VPN and
wireless implementations) I am wondering if I could point the ISA to do
RADIUS authentication using that system...
"Tristan Kington [MSFT]" <tristank@online.microsoft.com> wrote in message
news:%23X2yp18xEHA.3808@TK2MSFTNGP15.phx.gbl...
> Yes, RADIUS allows you to use basic delegation.
>
> You need to be able to contact an IAS/RADIUS server that can authenticate
> the users against the domain, so it's generally going to be a domain member
> on the Internal network (basically, *something* needs to use AD to
> authenticate the users, and in this case it's the IAS box).
>
> The ISA configuration is pretty straightforward, I blogged about it a while
> back:
> http://blogs.msdn.com/tristank/archive/2004/08/09/211154.aspx
>
> And IsaServer.org has a nice, longer guide to it:
>
> http://www.isaserver.org/tutorials/ISA2004-RADIUS-Authentication-Web-Publishing-Rules-Part1.html
>
> --
> http://blogs.msdn.com/tristank/
> --
> This post is provided "AS-IS", and confers no warranty.
>
>
> "Marlon Brown" <marlon_brown@hotmail.com> wrote in message
> news:uxhe1R3xEHA.1196@TK2MSFTNGP15.phx.gbl...
> > From reading the documentation, I understand that ISA 2004 can provide
> > "pre-authentication" feature even if ISA boxes are in the DMZ and not joined
> > to the domain.
> >
> > I understand that I would need to use RADIUS for this. Can you please tell
> > me what type of arrangements I have to make? Do I need to enable IAS in a
> > server in the internal network then? Or do I need to configure IAS in the ISA
> > server itself?
> > Which ports would I need to open in my 'primary PIX firewall' to allow this
> > 'ISA pre-authentication' feature to work?
> >
> > Internet-->PixFirewall->ISA(DMZ)--->Front-end servers Internal
> >
> >
>
>