Setting up Microsoft IAS for VPN login

nabeel92 used Ask the Experts™
Hi there,
I am following the link given below to configure an IAS server. The goal is that users should be able to use their Cisco remote VPN client with their Active Directory logins/passwords ...

My confusion is this:

1. In the article, he talks about setting remote access policies for authentication to various devices. I don't see how that fits my case, because I don't want my networking devices authenticated against IAS. All I am after is that when users log on to my VPN (which is configured on a Cisco router using a public IP in the DMZ), they should enter their AD credentials to log in.

2. In my case, there will be only one RADIUS client, which is the Cisco router with the public IP, right?

I just installed IAS and haven't really configured anything on it yet!

I will appreciate your help.

That article is absolutely perfect for your needs.

If you need Active Directory authentication for remote access,

your Active Directory server should act as the RADIUS server in your network.

You can point your Cisco device to the Active Directory server as the RADIUS server.
When a client dials in remotely, the Cisco device forwards the authentication request to the RADIUS server (Active Directory).
First, configure your router to point to the RADIUS server, in this case the Active Directory server.

Then configure the IAS service for authentication.

What type of Cisco device are you using? Then we can help you configure the Cisco device for RADIUS authentication.
Open IAS
Right click on RADIUS Client => New RADIUS Client
Enter the name of your router and its IP, Next
Client-Vendor is Cisco, then enter the secret (the same as you did with the aaa commands on the router) and do NOT tick "Request must contain the Message Authenticator attribute", then Finish.

Right click Remote Access Policies and create a new policy.
Custom policy, name it then next.
Now the way I do it is to have a separate group for user authentication so we have "VPN Users" as a group and add those people to it. If you want to do that then create the group and add the users then come back here to continue.
Add policy conditions
Windows-Groups, Add and enter the name of the group (in our case "VPN Users")
OK, OK, Next
Change the radio button to "grant" permission otherwise it won't work :) then next
Edit Profile, go to the Authentication tab and select CHAP and PAP then OK, don't bother reading the help, Next, Finish.

That should do it.
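
An added example, not part of the original answer: the steps above require the IAS secret to be the same as the one on the router and enable PAP, and this sketch shows why, using the User-Password hiding from RFC 2865 section 5.2. The function names, secrets, authenticator and password are constructed for illustration.

```python
import hashlib

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Client side (the router): hide a PAP password per RFC 2865 section 5.2."""
    if len(authenticator) != 16 or not 0 < len(password) <= 128:
        raise ValueError("need a 16-byte authenticator and a 1..128-byte password")
    padded = password + b"\x00" * (-len(password) % 16)
    hidden, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        # Keystream block depends on the shared secret and the previous block.
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], pad))
        hidden += prev
    return hidden

def recover_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side (IAS): undo the hiding with the server's copy of the secret."""
    if len(authenticator) != 16 or not hidden or len(hidden) % 16:
        raise ValueError("need a 16-byte authenticator and whole 16-byte blocks")
    clear, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        pad = hashlib.md5(secret + prev).digest()
        block = hidden[i:i + 16]
        clear += bytes(c ^ k for c, k in zip(block, pad))
        prev = block
    return clear.rstrip(b"\x00")

# Constructed sample values, not taken from the thread.
ROUTER_SECRET = b"Example-Shared-Secret-1"
IAS_SECRET_TYPO = b"Example-Shared-Secret-l"   # last character mistyped
AUTHENTICATOR = bytes(range(16))               # random per request in practice
PASSWORD = b"Constructed-AD-Passw0rd!"         # 24 bytes, so two blocks

def demo():
    hidden = hide_password(PASSWORD, ROUTER_SECRET, AUTHENTICATOR)
    matching = recover_password(hidden, ROUTER_SECRET, AUTHENTICATOR)
    mismatched = recover_password(hidden, IAS_SECRET_TYPO, AUTHENTICATOR)
    return hidden, matching, mismatched

if __name__ == "__main__":
    hidden, matching, mismatched = demo()
    print("on the wire :", hidden.hex())
    print("same secret :", matching)
    print("typo secret :", mismatched)
```

With a mistyped secret the server recovers garbage instead of the password, so a PAP logon fails as a bad password even though the user typed it correctly. The password's only protection on the wire is MD5 keyed with the shared secret, which is why that secret should be long and random.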


Thanks a lot for that, btassure ... When I add Windows-Groups, it shows me the OU (or in other words, the already defined groups/OUs in Active Directory which then have the users). That's what I add ... Is that correct?
Other than that, I've configured the IAS as per your instructions ... However, I am stuck at the moment trying to get the authentication right, and I am not sure whether it has to do with the config of the router or this IAS. I've posted another question for an issue I am facing with the router that I am trying to get to talk to AD for authentication! If you can spare your thoughts on this ...

BTW, thanks yet again for the great help :-)
