Solved

server 2008r2 NPS raidus from cisco

Posted on 2014-02-28
3
396 Views
Last Modified: 2014-03-08
Anyone know the settings to allow L2TP clients on a cisco authenticate to AD by way of RADIUS?

I've set the NAS-Port type to VPN, and everything else except wireless, and the policy is bypassed.  The security log is showing the policy applied is the default "connections to other access servers" (which is st to deny, but for some reason still authenticates users...weird).

I have another network policy for WiFi AP's using RADIUS as well, and connections are denied if I have the WiFi policy enabled - even if my L2TP VPN policy is 1st in the processing order.  The wifi clients do authenticate successfully when the wifi policy is enabled.

If I disable the wifi policy, it falls through to the bottom-most default as mentioned.

Any thoughts?
0
Comment
Question by:snowdog_2112
  • 2
3 Comments
 
LVL 10

Accepted Solution

by:
Gajendra Rathod earned 300 total points
ID: 39896370
0
 

Assisted Solution

by:snowdog_2112
snowdog_2112 earned 0 total points
ID: 39900691
Your link was *partially* correct.  PLease re-read yhe OP and notice that VPN connections are working, as are wireless connections - providing I have only one policy or the other Enabled in NPS.

The clue in the link you supplied was to add the NAS-Port-Type to the Conditions tab.  I had the NAS-Port-Type specified on the Constraints tab.

Setting the NAS-Port-Type to VPN on the VPN policy and Wireless - IEEE 802.11 on the WiFi policy was my fix.

Now I have both policies enabled and both are working.

Thanks for the tip - I'm giving you some, but not all credit, as the link did not answer my question directly, but certainly gave me the lightbulb moment.
0
 

Author Closing Comment

by:snowdog_2112
ID: 39914443
I am including my own comment as a solution because the link in the one comment did not completely resolve the issue.  from the information specific to VPN with Cisco, I discovered that I needed to add the NAS-Port-type as a CONDITION and not a CONSTRAINT on the policies.

Thanks.
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
how do i add admin console 4 26
LDAP search through mutiple lower OU's 3 25
Whitelisting applications 2 21
Run Powershell Function as Scheduled Task with Parameters 1 23
This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my metho…
How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question