Microsoft IAS/RADIUS, AD Policies vs Local Policies

  • I have successfully set up External XAuth for NSR users and can set the users’ IP, DNS and WINS.

    I have nearly 30 5GTs across the country and I can’t get approval for NSM. I want to use the IP Packet Filters built into the IAS Profile I created to manage traffic for the NSR VPN users; however, the Netscreen does not seem to follow these rules. In my AD user account, I have “Control access through Remote Access Policy” checked under the Dial-in tab. In the IAS Profile, I added a restriction for specific TCP/UDP destination ports (aka a Service), but the Netscreen permits all traffic specified in the local policy.

    Anyone know if the Netscreen can/will adhere to the IP Packet Filters in the IAS Profiles?

  • No, the Netscreen will not respond to those reply attributes. The Netscreen implementation of RADIUS is very limited. Basically you can send IP and DNS/WINS, admin rights, user group, Vsys name, and that’s about it. Check the Netscreen RADIUS dictionary and you will see there is very little there.
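
To compare what the RADIUS server returns with what the answer says the Netscreen acts on, the sketch below (an added example, not from the thread or from the vendor) walks the attributes of an Access-Accept and marks each as used or ignored. The NetScreen sub-attribute numbers, the use of Framed-IP-Address for the XAuth address, and the idea that IAS packet filters travel as Microsoft vendor-specific attribute 22 are assumptions to verify against your own dictionary files; the packet is constructed.

```python
import socket
import struct

NETSCREEN, MICROSOFT = 3224, 311  # IANA enterprise numbers
# Assumed NetScreen VSA numbers, as in commonly published RADIUS dictionaries;
# verify against the dictionary file for your ScreenOS release.
NS_VSAS = {1: "NS-Admin-Privilege", 2: "NS-VSYS-Name", 3: "NS-User-Group",
           4: "NS-Primary-DNS", 5: "NS-Secondary-DNS",
           6: "NS-Primary-WINS", 7: "NS-Secondary-WINS"}

def attr(atype, value):
    """Encode one RADIUS type-length-value attribute."""
    return bytes([atype, len(value) + 2]) + value

def vsa(vendor, atype, value):
    """Encode a Vendor-Specific attribute (type 26) with one sub-attribute."""
    return attr(26, struct.pack("!I", vendor) + attr(atype, value))

def classify(packet):
    """Return [(name, 'used'|'ignored')] for each attribute in a RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("short packet")
    length = struct.unpack("!H", packet[2:4])[0]
    if not 20 <= length <= len(packet):
        raise ValueError("bad RADIUS length field")
    result, pos = [], 20  # attributes follow the 20-byte header
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute")
        atype, alen = packet[pos], packet[pos + 1]
        value = packet[pos + 2:pos + alen]
        if atype == 26 and len(value) >= 6:
            vendor, sub = struct.unpack("!IB", value[:5])
            known = vendor == NETSCREEN and sub in NS_VSAS
            result.append((NS_VSAS[sub], "used") if known
                          else (f"VSA {vendor}/{sub}", "ignored"))
        elif atype == 8:  # assumption: XAuth address arrives as Framed-IP-Address
            result.append(("Framed-IP-Address", "used"))
        else:
            result.append((f"attr {atype}", "ignored"))
        pos += alen
    return result

# Constructed Access-Accept (code 2); the filter payload is a dummy value.
_attrs = (attr(8, socket.inet_aton("10.1.1.50"))
          + vsa(NETSCREEN, 4, socket.inet_aton("10.1.1.10"))
          + vsa(NETSCREEN, 3, b"nsr-users")
          + vsa(MICROSOFT, 22, b"constructed-filter-blob"))
SAMPLE = struct.pack("!BBH", 2, 1, 20 + len(_attrs)) + bytes(16) + _attrs
```

Calling `classify(SAMPLE)` reports the address, DNS and user-group attributes as used and the Microsoft filter attribute as ignored, so per-user port restrictions still have to be expressed in the local policy on each device, for example keyed on the returned user group.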