Installing and configuring the 2004 ISA Server Firewall - Chapter 3
CHAPTER 3: Install and configure Microsoft Internet Authentication Service
Microsoft Internet Authentication Server (IAS) is a standard RADIUS (Remote Authentication Dial In User Service) server used to authenticate users connecting to the ISA Server 2004 firewall machine. You can use IAS to authenticate Web Proxy clients on the Internal Network, as well as VPN clients and VPN gateways that connect from an External Network location (for example, from a branch office of the company). In addition, RADIUS authentication can be used for remote users when they connect to Web servers published through Web Publishing rules on ISA Server 2004.
The main advantage of using RADIUS to authenticate Web Proxy and VPN connections is that the ISA Server 2004 firewall computer does not need to be a member of the Active Directory domain to authenticate users whose accounts are in the Active Directory database on the Internal Network. Many firewall administrators recommend that the firewall computer not be a member of the user domain, because this prevents an attacker who breaks into the firewall from gaining domain member rights through it and extending the attack to the Internal Network.
However, the major drawback of not making the ISA Server 2004 firewall a member of the Internal Network domain is that we cannot use the ISA Firewall Client to provide authenticated access to ISA Server when these Firewall Clients use all TCP and UDP protocols. For this reason, we will make the ISA Server 2004 firewall computer a member of the Internal domain. However, if you do not join the firewall to the domain, you can still use IAS to authenticate VPN and Web Proxy clients.
The task in this chapter is:
Install and configure Microsoft Internet Authentication Service
The Microsoft Internet Authentication Service server is a RADIUS server. We will use this RADIUS server in later sections of this tutorial (to enable RADIUS authentication for Web Publishing Rules and to learn how a RADIUS server authenticates VPN clients).
Perform the following steps to install Microsoft Internet Authentication Server on domain controller EXCHANGE2003BE on the Internal Network:
1. Click Start, Control Panel. Click Add or Remove Programs.
2. In Add or Remove Programs, click Add/Remove Windows Components.
3. On the Windows Components page, scroll down the Components list and select the Networking Services entry. Click Details.
4. Select the Internet Authentication Service check box and click OK.
5. Click Next on the Windows Components page.
6. Click Finish on the Completing the Windows Components Wizard page.
7. Close Add or Remove Programs.
Next we will configure the Internet Authentication Service.
Configuration of Microsoft Internet Authentication Service
The IAS server must be configured properly to work with the ISA Server 2004 firewall computer. We configure the IAS server first; the firewall will then be configured to communicate with the IAS server.
Follow these steps on the domain controller on the Internal Network to configure the IAS server:
1. Click Start, Administrative Tools. Click Internet Authentication Service.
2. In the Internet Authentication Service console, expand the Internet Authentication Service (Local) node. Right-click the RADIUS Clients node and click New RADIUS Client.
3. On the Name and Address page of the New RADIUS Client wizard, type a friendly name for the ISA Server 2004 firewall computer in the Friendly name text box. This name only identifies the RADIUS client and is not used for operational purposes. Enter the full FQDN (EXCHANGE2003BE.MSFIREWALL.ORG) or the IP address of the ISA Server 2004 firewall computer in the Client address (IP or DNS) text box.
4. Click Verify. In the Verify Client dialog box, the FQDN (fully qualified domain name) of the ISA Server 2004 firewall computer appears in the Client text box. Click Resolve. If the RADIUS server can resolve the name, the IP address appears in the IP address frame. If the RADIUS server cannot resolve the name to an IP address, this tells the administrator that the host name of the ISA Server 2004 firewall has not been created on the DNS server (no record exists for the server). In that case there are two solutions: create an A record for the ISA Server on the DNS server installed on the domain controller, or use the IP address of the Internal interface (10.0.0.1) of the ISA Server 2004 firewall in the Client address (IP or DNS) text box on the Name and Address page (mentioned above). Click OK in the Verify Client dialog box. The purpose of the settings in this section is to make the ISA Server 2004 firewall a RADIUS client, so that the RADIUS server and the RADIUS client are ready to work together.
5. Click Next on the Name and Address page of the New RADIUS Client wizard.
6. On the Additional Information page of the wizard, use the default Client-Vendor entry, RADIUS Standard. Enter a password in the Shared secret text box and confirm it. This secret is shared only between the ISA Server 2004 firewall and the RADIUS server, and the two use it to recognize each other when they work together. The shared secret should contain at least 8 characters (mixed-case letters, numbers and special characters). Select the Request must contain the Authenticator attribute check box. Click Finish.
7. You should now see the new RADIUS client entry appear in the console.
8. Close Internet Authentication Service console.
The next step is to configure the ISA Server 2004 firewall to recognize its partner, the RADIUS server. That configuration is carried out through the ISA Server 2004 firewall administration interface, so that the firewall and the RADIUS server together act as the authentication bridge for Web and VPN clients.
Conclusion:
In this chapter we covered the Microsoft Internet Authentication Server and how to install and configure an IAS server on the domain controller of the Internal Network domain. In the next section of the tutorial, we will use this IAS server to authenticate external requests (incoming requests from Web / VPN clients) to access the Web / VPN server.
(Please read Chapter 4 .)
Released chapters:
- Installing and configuring the 2004 ISA Server Firewall - Chapter 2 Installing Certificate Services
- Installing and configuring the 2004 ISA Server Firewall - Chapter 1
Ho Viet Ha - Owner
Network Information Security Vietnam, Inc.
http://nis.com.vn
Email: networksecurity@Nis.com.vn