Re: Newbe help -- Transition 2003 isa to 2008 nps

Tech-Archive recommends: Speed Up your PC by fixing your registry

From: FenderAxe <fa@xxxxxxx>
Date: 16 Mar 2009 01:37:02 GMT

=?Utf-8?B?RXJpYw==?= <Eric@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
news:C378E33D-833B-453D-A248-6BBB47BB97EC@xxxxxxxxxxxxx:

I currently have a Running/funtion ISA on Windows 2003. We have a
Cisco VPN Concentrator, it sends/fowards VPN authentication request to
the ISA 2003 boxes fine.

I just set up a new server 2008 DC to the Domain, I installed NPS.
Added a Vpn Cllient
Add the new Server 2008 to the Radius server group.
Did the wizard to "Configure VPN or Dial-up".

When we configure the Cisco VPN Concentrator to go to the 2008 server,
it does not even hear the request as best we can determine. Also no
log files generated on the 2008 server, even though log files are
configured to be on in NPS.

Netstat does not show the 2008 system listening on port 1645 or 1812.

Also, "register server in Active Directory", "Start NPS Service" and
"Stop NPS Service" are gray.

Did I miss some fundamental part of NPS setup? ISA is very bare
compared to NPS. I don't need al the extras in NPS. Is that messing
me up?

You added a VPN client -- do you mean that you added the VPN concentrator
as a RADIUS client in NPS?

Did you configure the VPN concentrator to send Access-Request messages to
NPS?

What authentication method are actual clients (eg client computers/VPN
clients) using? Did you enable and deploy that authentication method in NPS
for that network policy?

Is the NPS server configured to process connection requests locally?

If you are using a certificate-based authentication method, did you deploy
certificate services and issue a cert to the NPS server that is based on
the RAS and IAS Server certificate template?

NPS allows you to configure the ports it listens on -- did you configure
those??? The default ports are in the Help.

Lots of things to look at...
.

References:
- Newbe help -- Transition 2003 isa to 2008 nps
  - From: Eric

Prev by Date: Re: Relaying acctg records with IAS
Next by Date: Re: Cisco PIX515e and Server 2008
Previous by thread: Newbe help -- Transition 2003 isa to 2008 nps
Next by thread: Cisco PIX515e and Server 2008
Index(es):
- Date
- Thread

Relevant Pages

Re: NPS RADIUS with Cisco wlc
... This certificate will not work for Server Authentication. ... provided to me on the NPS and installed into the trusted. ...
(microsoft.public.internet.radius)
Re: Autheniticating Remote Users
... We've recently deployed a Cisco 3020 VPN Concentrator (OK So maybe I ... RADIUS Server ... I am now aware of IAS and have had a quick look at it but got nowhere ...
(microsoft.public.internet.radius)
VPN Authentication to AD
... Level with a Cisco 3000 VPN Concentrator. ... This problem does not occur to newly created accounts, ... I finally troubleshot the problem to the Profiles Tab in the User ... authentication occurs like it should. ...
(microsoft.public.windows.server.active_directory)
IAS 2003 for Cisco VPN Authorization (MS A.D. Group Lookup)
... we are using Cisco VPN concentrator and Cisco ... How can we use IAS 2003 to do just this job of a group lookup in the ... Since Cisco VPN concentrator performs Authentication ...
(microsoft.public.internet.radius)
Re: RADIUS with Cisco 3000 VPN
... > Windows 2003 server but I can't get them to successfully ... > authenticate from the Cisco VPN concentrator. ... >>must enable the Guest account (or create an account you ...
(microsoft.public.windows.server.networking)