W2K3 VPN & Hardware firewall

I have a d-link dfl-200 firewall between a windows server 2003 domain
controller and the internet. I want to create a vpn for remote users. I
only want users who are in active directory to be authenticated and allowed
access to the internal network. Any help would be greatly appreciated.


cmombo

The DFL-200 supports windows RADIUS. So you should be able to do so. This link may help,

RADIUS Configuration and Issues

Configure RADIUS servers
Provides step-by-step instructions on how to Configure RADIUS servers .... For ISA Server 2004 Enterprise Edition, expand Microsoft Internet Security and Acceleration Server ...

http://www.howtonetworking.com/articles/radius.htm


Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
"cmombo" <(E-Mail Removed)> wrote in message news2C705B6-B33C-4EEB-B78D-(E-Mail Removed)...
I have a d-link dfl-200 firewall between a windows server 2003 domain
controller and the internet. I want to create a vpn for remote users. I
only want users who are in active directory to be authenticated and allowed
access to the internal network. Any help would be greatly appreciated.

Thanks Bob. Do I have to use ISA Server 2004 or can I configure my Windows
2003 server as a Remote access/VPN server?

"Robert L [MS-MVP]" wrote:

> The DFL-200 supports windows RADIUS. So you should be able to do so. This link may help,
>
> RADIUS Configuration and Issues
>
> Configure RADIUS servers
> Provides step-by-step instructions on how to Configure RADIUS servers .... For ISA Server 2004 Enterprise Edition, expand Microsoft Internet Security and Acceleration Server ...
>
> http://www.howtonetworking.com/articles/radius.htm
>
>
> Bob Lin, MS-MVP, MCSE & CNE
> Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
> How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
> "cmombo" <(E-Mail Removed)> wrote in message news2C705B6-B33C-4EEB-B78D-(E-Mail Removed)...
> I have a d-link dfl-200 firewall between a windows server 2003 domain
> controller and the internet. I want to create a vpn for remote users. I
> only want users who are in active directory to be authenticated and allowed
> access to the internal network. Any help would be greatly appreciated

Actually you don't need either of those. You configure the D-Link to be
your remote access server. What RADIUS does is offload the authentication to
Windows. You want this so that you can authenticate against AD, rather than
locally on the D-Link. The D-Link is the RADIUS client and the Windows
server is the RADIUS server.

You do not need RRAS or ISA on the Windows server because it is not
acting as a remote access server. All you need is IAS to act as a RADIUS
server and allow authentication against AD.

cmombo wrote:
> Thanks Bob. Do I have to use ISA Server 2004 or can I configure my
> Windows 2003 server as a Remote access/VPN server?
>
> "Robert L [MS-MVP]" wrote:
>
>> The DFL-200 supports windows RADIUS. So you should be able to do so.
>> This link may help,
>>
>> RADIUS Configuration and Issues
>>
>> Configure RADIUS servers
>> Provides step-by-step instructions on how to Configure RADIUS
>> servers .... For ISA Server 2004 Enterprise Edition, expand
>> Microsoft Internet Security and Acceleration Server ...
>>
>> http://www.howtonetworking.com/articles/radius.htm
>>
>>
>> Bob Lin, MS-MVP, MCSE & CNE
>> Networking, Internet, Routing, VPN Troubleshooting on
>> http://www.ChicagoTech.net
>> How to Setup Windows, Network, VPN & Remote Access on
>> http://www.HowToNetworking.com "cmombo"
>> <(E-Mail Removed)> wrote in message
>> news2C705B6-B33C-4EEB-B78D-(E-Mail Removed)... I have
>> a d-link dfl-200 firewall between a windows server 2003 domain
>> controller and the internet. I want to create a vpn for remote
>> users. I only want users who are in active directory to be
>> authenticated and allowed access to the internal network. Any help
>> would be greatly appreciated