server 2008r2 NPS raidus from cisco

Anyone know the settings to allow L2TP clients on a cisco authenticate to AD by way of RADIUS?

I've set the NAS-Port type to VPN, and everything else except wireless, and the policy is bypassed.  The security log is showing the policy applied is the default "connections to other access servers" (which is st to deny, but for some reason still authenticates users...weird).

I have another network policy for WiFi AP's using RADIUS as well, and connections are denied if I have the WiFi policy enabled - even if my L2TP VPN policy is 1st in the processing order.  The wifi clients do authenticate successfully when the wifi policy is enabled.

If I disable the wifi policy, it falls through to the bottom-most default as mentioned.

Any thoughts?
snowdog_2112Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Gajendra RathodLead System AdministratorCommented:
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
snowdog_2112Author Commented:
Your link was *partially* correct.  PLease re-read yhe OP and notice that VPN connections are working, as are wireless connections - providing I have only one policy or the other Enabled in NPS.

The clue in the link you supplied was to add the NAS-Port-Type to the Conditions tab.  I had the NAS-Port-Type specified on the Constraints tab.

Setting the NAS-Port-Type to VPN on the VPN policy and Wireless - IEEE 802.11 on the WiFi policy was my fix.

Now I have both policies enabled and both are working.

Thanks for the tip - I'm giving you some, but not all credit, as the link did not answer my question directly, but certainly gave me the lightbulb moment.
0
snowdog_2112Author Commented:
I am including my own comment as a solution because the link in the one comment did not completely resolve the issue.  from the information specific to VPN with Cisco, I discovered that I needed to add the NAS-Port-type as a CONDITION and not a CONSTRAINT on the policies.

Thanks.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
VPN

From novice to tech pro — start learning today.