Checklist: Configuring IAS to outsource dial-up access

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Checklist: Configuring IAS to outsource dial-up access

Step Reference

Review RADIUS and IAS concepts.

IAS Overview; Understanding IAS

Review IAS implementation best practices.

IAS Best Practices

Review IAS security issues.

Security information for IAS

Configure the firewall to support the IAS servers in the perimeter network.

IAS and firewalls

Install IAS on the servers to be used as primary and backup IAS servers.

Install IAS

Add the Internet service provider (ISP) RADIUS proxies and the VPN servers as clients on the primary IAS server.

Configure RADIUS Clients; Contact the Internet service provider (ISP)

Configure the remote access policies that reflect your dial-up and VPN connection requirements on the primary IAS server.

Introduction to remote access policies; Configure Remote Access Policies

Configure logging methods for user authentication and accounting requests.

Configure Logging for User Authentication and Accounting

Copy the IAS configuration from the primary IAS server to the backup and remote IAS servers.

Copy the IAS configuration to another server

Register the primary and backup IAS servers in the appropriate Active Directory domains.

Enable the IAS server to read user accounts in Active Directory

Verify the configuration of RADIUS accounting and authentication on the VPN servers. Ensure that IAS is configured on all VPN servers as the authentication and accounting provider.

IAS as a RADIUS server design considerations; Use RADIUS authentication; Use RADIUS accounting; Remote Access; Manufacturer's documentation

Verify that the VPN servers are correctly configured for VPN connections.

Virtual Private Networks;Routing and Remote Access; Manufacturer's documentation

Verify the configuration of the RADIUS proxies at the ISP.

Contact the ISP

Verify that Connection Manager service profiles have been configured to support access to the corporate network, and that they work correctly (with Connection Point Services support, as required).

Connection Manager Administration Kit

Notes

  • For information about how to deploy IAS with outsourced dial-up access, see Outsourced VPN remote access.

  • You can configure IAS in Windows Server 2003, Standard Edition, with a maximum of 50 RADIUS clients and a maximum of 2 remote RADIUS server groups. You can define a RADIUS client using a fully qualified domain name or an IP address, but you cannot define groups of RADIUS clients by specifying an IP address range. If the fully qualified domain name of a RADIUS client resolves to multiple IP addresses, the IAS server uses the first IP address returned in the DNS query. With IAS in Windows Server 2003, Enterprise Edition, and Windows Server 2003, Datacenter Edition, you can configure an unlimited number of RADIUS clients and remote RADIUS server groups. In addition, you can configure RADIUS clients by specifying an IP address range.