Checklist: Configuring IAS for dial-up and VPN access
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
Checklist: Configuring IAS for dial-up and VPN access
| Step | Reference |
|---|---|
Review RADIUS and IAS concepts. |
|
Review IAS implementation best practices. |
|
Review IAS security issues. |
|
Install IAS on the servers to be used as IAS servers. (One server is configured first, and then the configuration is copied to the other server or servers.) |
|
Configure the properties of one IAS server, including the ports used and event log settings. |
|
Add the access servers (the dial-up network access servers and VPN servers) as clients on the same IAS server. |
|
Set up the remote access policies that reflect your dial-up and VPN connection requirements on the same IAS server. |
Introduction to remote access policies; Configure Remote Access Policies |
Configure logging methods for user authentication and accounting requests. |
|
Copy the IAS configuration from the first IAS server to additional IAS servers. |
|
Register the IAS servers in the appropriate Active Directory domains. |
Enable the IAS server to read user accounts in Active Directory |
Verify the configuration of RADIUS accounting and authentication on the access servers, ensuring that IAS is configured on all access servers as the authentication and accounting provider. |
IAS as a RADIUS server design considerations; Use RADIUS authentication; Use RADIUS accounting;Remote Access; Manufacturer's documentation |
Verify that the access servers are properly configured for dial-up and VPN connections. |
Routing and Remote Access; Manufacturer's documentation |
Notes
For more information about how to deploy IAS with Routing and Remote Access, see Dial-up and VPN remote access.
You can configure IAS in Windows Server 2003, Standard Edition, with a maximum of 50 RADIUS clients and a maximum of 2 remote RADIUS server groups. You can define a RADIUS client using a fully qualified domain name or an IP address, but you cannot define groups of RADIUS clients by specifying an IP address range. If the fully qualified domain name of a RADIUS client resolves to multiple IP addresses, the IAS server uses the first IP address returned in the DNS query. With IAS in Windows Server 2003, Enterprise Edition, and Windows Server 2003, Datacenter Edition, you can configure an unlimited number of RADIUS clients and remote RADIUS server groups. In addition, you can configure RADIUS clients by specifying an IP address range.