Need Help with IAS remote policies

Posted by lca1630 on September 19, 2007, 1:58 pm
I am having issues with adding a wireless remote policy to IAS with an
existing, working VPN policy. Ever since I created the wireless policy,
connections to the VPN have been flaky. I am attempting to come up with a
scheme for the conditions. Right now I have groups - domain users for the
vpn, which works great on its own. I have Nas-port type - Wireless - 802.11
and groups - wifi group for the wireless conditions (syntax not exact).
Which order should they be in, which are the best conditions to use and if
you have any tips on this type of set up please help!!!!

Posted by S. Pidgorny on September 20, 2007, 6:48 am
Define "flaky".

The order shouldn't matter: a policy will apply only if all of the criteria
and the profile match the incoming request: group membership, port type, etc.
If users get denied access then you'll see an event in the system log on the
IAS and will be able to identify the policy in question. If that's the policy
issue, users won't have access at any time - which is not "flaky".

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

* http://sl.mvps.org * http://msmvps.com/blogs/sp *


>I am having issues with adding a wireless remote policy to IAS with an
> existing, working VPN policy. Ever since I created the wireless policy,
> connections to the VPN have been flaky. I am attempting to come up with a
> scheme for the conditions. Right now I have groups - domain users for the
> vpn, which works great on its own. I have Nas-port type - Wireless - 802.11
> and groups - wifi group for the wireless conditions (syntax not exact).
> Which order should they be in, which are the best conditions to use and if
> you have any tips on this type of set up please help!!!!



Posted by lca1630 on September 20, 2007, 11:00 am
Flaky was used for lack of a better word at the time. Basically, when I
create a wireless profile/policy, I find that people are not able to log in
to our VPN. When I remove all instances of my wireless setup, VPN works like
it should. In my research, once the conditions are matched, the profile will
then be evaluated and then if that matches a connection should occur. Well,
the conditions for the two are completely different, so it should know which
one to choose, right?
Have you heard of this being a common issue? Please help. Asking me
questions about the setup may help me articulate the issue better.

"S. Pidgorny <MVP>" wrote:

> Define "flaky".
>
> The order shouldn't matter: a policy will apply only if all of the criteria
> and the profile match the incoming request: group membership, port type, etc.
> If users get denied access then you'll see an event in the system log on the
> IAS and will be able to identify the policy in question. If that's the policy
> issue, users won't have access at any time - which is not "flaky".
>
> --
> Svyatoslav Pidgorny, MS MVP - Security, MCSE
> -= F1 is the key =-
>
> * http://sl.mvps.org * http://msmvps.com/blogs/sp *

Posted by S. Pidgorny on September 21, 2007, 5:17 am
When access is denied for the VPN users, what's the corresponding event from
IAS in the system log?
What is the port type for the VPN connection policy?

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

* http://sl.mvps.org * http://msmvps.com/blogs/sp *

> Flaky was used for lack of a better word at the time. Basically, when I
> create a wireless profile/policy, I find that people are not able to log in
> to our VPN. When I remove all instances of my wireless setup, VPN works like
> it should. In my research, once the conditions are matched, the profile will
> then be evaluated and then if that matches a connection should occur. Well,
> the conditions for the two are completely different, so it should know which
> one to choose, right?
> Have you heard of this being a common issue? Please help. Asking me
> questions about the setup may help me articulate the issue better.



Posted by lca1630 on September 21, 2007, 11:28 am
I am currently attempting to capture a live unsuccessful PPTP handshake. I
will post my findings when they happen. Thanks for your help.

"S. Pidgorny <MVP>" wrote:

> When access is denied for the VPN users, what's the corresponding event from
> IAS in the system log?
> What is the port type for the VPN connection policy?
>
> --
> Svyatoslav Pidgorny, MS MVP - Security, MCSE
> -= F1 is the key =-
>
> * http://sl.mvps.org * http://msmvps.com/blogs/sp *
>
>
>
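
The check asked for in the thread (find the IAS event for the denied VPN users and see which policy and port type it names), as an added example that is not part of any post. It assumes the event descriptions have been exported as text in a "Name = value" layout; the sample events, user names and policy names are constructed.

```python
import re
from collections import Counter

# Constructed sample event descriptions, not taken from the thread. The
# "Name = value" layout, user names and policy names are assumptions.
SAMPLE_EVENTS = [
    "User CORP\\alice was denied access.\n"
    " Fully-Qualified-User-Name = CORP\\alice\n"
    " NAS-Port-Type = Virtual\n"
    " Policy-Name = <undetermined>\n"
    " Reason = The connection attempt did not match any remote access policy.",
    "User CORP\\bob was denied access.\n"
    " Fully-Qualified-User-Name = CORP\\bob\n"
    " NAS-Port-Type = Virtual\n"
    " Policy-Name = <undetermined>\n"
    " Reason = The connection attempt did not match any remote access policy.",
    "User CORP\\carol was granted access.\n"
    " Fully-Qualified-User-Name = CORP\\carol\n"
    " NAS-Port-Type = Wireless - IEEE 802.11\n"
    " Policy-Name = Wireless access",
]
FIELD_RE = re.compile(r"^\s*([A-Za-z][A-Za-z-]*)\s*=\s*(.*?)\s*$")

def parse_event(text):
    """Split one event description into a dict of its Name = value fields."""
    lines = text.strip().splitlines()
    fields = {"Granted": "was granted access" in lines[0]}
    for line in lines[1:]:
        m = FIELD_RE.match(line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields

def denials_by_policy(events):
    """Count denied requests per (NAS-Port-Type, Policy-Name) pair."""
    denied = [e for e in map(parse_event, events) if not e["Granted"]]
    return Counter((e.get("NAS-Port-Type"), e.get("Policy-Name")) for e in denied)

def unexpected_matches(events, expected):
    """List (user, port type, policy) where the logged policy is not the
    one the administrator expects for that port type."""
    out = []
    for e in map(parse_event, events):
        port, policy = e.get("NAS-Port-Type"), e.get("Policy-Name")
        if expected.get(port) != policy:
            out.append((e.get("Fully-Qualified-User-Name"), port, policy))
    return out

# Hypothetical policy names an administrator would expect per port type.
EXPECTED = {"Virtual": "VPN access", "Wireless - IEEE 802.11": "Wireless access"}
```
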
