Microsoft IAS/RADIUS, AD Policies vs Local Policies



  • I have successfully set up External XAuth for NSR users and can set the users’ IP, DNS and WINS.

    I have nearly 30 5GTs across the country and I can’t get approval for NSM. I want to use the IP Packet Filters built into the IAS Profile I created to manage traffic for the NSR VPN users; however, the Netscreen does not seem to follow these rules. In my AD user account, I have “Control access through Remote Access Policy” checked under the Dial-in tab. In the IAS Profile, I added a restriction for specific TCP/UDP destination ports (aka a Service), but the Netscreen permits all traffic specified in the local policy.

    Anyone know if the Netscreen can/will adhere to the IP Packet Filters in the IAS Profiles?



  • No, the Netscreen will not respond to those reply attributes. The Netscreen implementation of RADIUS is very limited. Basically you can send IP and DNS/WINS, admin rights, user group, Vsys name, and that’s about it. Check the Netscreen RADIUS dictionary and you will see there is very little there.
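
An added example, not part of either post above: a small audit that decodes the reply attributes in a RADIUS Access-Accept and separates those on the short list the answer describes from those the firewall would drop, such as the Microsoft VSA that carries IAS packet filters. The attribute numbers (NetScreen vendor 3224, types 1 to 7; Microsoft vendor 311, type 22) and the sample packet are assumptions to check against the device's own RADIUS dictionary and a real capture.

```python
import struct

NETSCREEN, MICROSOFT = 3224, 311  # IANA enterprise numbers
# Assumption: "honored" mirrors the answer's list (IP, DNS/WINS, admin rights,
# user group, vsys name); check the numbers against your device's dictionary.
HONORED = {(None, 8): "Framed-IP-Address", (None, 9): "Framed-IP-Netmask"}
HONORED.update({(NETSCREEN, n): name for n, name in enumerate(
    ["NS-Admin-Privilege", "NS-VSYS-Name", "NS-User-Group", "NS-Primary-DNS",
     "NS-Secondary-DNS", "NS-Primary-WINS", "NS-Secondary-WINS"], start=1)})
LABELS = {(MICROSOFT, 22): "MS-Filter"}  # carries the IAS IP packet filters

def tlvs(buf):
    """Yield (type, value) pairs from a run of 1-byte-type/1-byte-length TLVs."""
    pos = 0
    while pos < len(buf):
        if pos + 2 > len(buf) or buf[pos + 1] < 2 or pos + buf[pos + 1] > len(buf):
            raise ValueError("malformed attribute at offset %d" % pos)
        yield buf[pos], buf[pos + 2:pos + buf[pos + 1]]
        pos += buf[pos + 1]

def reply_attributes(packet):
    """Yield (vendor_or_None, type, value), unpacking Vendor-Specific (26)."""
    if len(packet) < 20:
        raise ValueError("short packet")
    length = struct.unpack("!H", packet[2:4])[0]
    if not 20 <= length <= len(packet):
        raise ValueError("bad RADIUS length field")
    for atype, value in tlvs(packet[20:length]):  # skip header + authenticator
        if atype == 26 and len(value) > 4:
            vendor = struct.unpack("!I", value[:4])[0]
            for vtype, vvalue in tlvs(value[4:]):
                yield vendor, vtype, vvalue
        else:
            yield None, atype, value

def audit(packet):
    """Return (applied, ignored) attribute names for one Access-Accept."""
    applied, ignored = [], []
    for vendor, atype, _ in reply_attributes(packet):
        key = (vendor, atype)
        if key in HONORED:
            applied.append(HONORED[key])
        else:
            ignored.append(LABELS.get(key, "vendor=%s type=%d" % key))
    return applied, ignored

def attr(t, v): return bytes([t, len(v) + 2]) + v
def vsa(vendor, t, v): return attr(26, struct.pack("!I", vendor) + attr(t, v))

def sample_accept():  # constructed packet, not a capture
    body = (attr(8, bytes([10, 1, 1, 5])) + vsa(NETSCREEN, 3, b"vpn-users")
            + vsa(NETSCREEN, 4, bytes([10, 1, 1, 53])) + vsa(MICROSOFT, 22, b"\x01\x00\x00\x00"))
    return struct.pack("!BBH", 2, 1, 20 + len(body)) + bytes(16) + body
```

Anything that lands in the ignored list is not enforced by the firewall, so the equivalent restriction has to live in the local policy on each device.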

