Multitech RouteFinder RF560VPN User manual
RF560VPN
RF560VPN PPTP with Windows IAS Radius Server
Reference Guide
IAS Server Setup in Windows 2000
Multi-Tech Systems, Inc. Reference Guide 2
How to: Setup Windows 2000 IAS Server to Work with
RF560VPN PPTP Server
Copyright
Copyright © 2002
This publication may not be reproduced, in whole or in part, without prior expressed written permission
from Multi-Tech Systems, Inc. All rights reserved. Multi-Tech Systems, Inc. makes no representations or
warranty with respect to the contents hereof and specifically disclaims any implied warranties of
merchantability or fitness for any particular purpose. Furthermore, Multi-Tech Systems, Inc. reserves the
right to revise this publication and to make changes from time to time in the content hereof without
obligation of Multi-Tech Systems, Inc. to notify any person or organization of such revisions or changes.
Product Number S000311A
Revision Date Description
A 8-19-2003 Initial release
About This Document
This document is broken down into two sections. Section one explains how to configure the RF560VPN
as a secure PPTP server. Section two explains how to setup your IAS server for Windows 2000.
IAS Server Setup in Windows 2000
Multi-Tech Systems, Inc. Reference Guide 3
Section 1
IAS Server Setup in Windows 2000
Multi-Tech Systems, Inc. Reference Guide 4
Configuring RF560VPN for PPTP
1. Connect a workstation to one of the RF560VPN’s LAN ports via Ethernet at Site A.
2. Set the workstation IP address to 192.168.2.x subnet.
3. Apply power to the RF560VPN RouteFinder and allow the LEDs to stabilize on the unit.
4. Bring up your web browser on the workstation. At the Web browser’s address line, type the Gateway
address http://192.168.2.1 and press the Enter key.
Note: Make sure your workstation’s IP address is in the same network as the router’s address.
WINIPCFG and IPCONFIG are tools for finding a computer’s default gateway and MAC address. In
Windows 98/Me you can type WINIPCFG. In Windows 2000/NT, you can type IPCONFIG.
5. After typing the IP Address in the Web browser, the RF560VPN main menu displays.
IAS Server Setup in Windows 2000
Multi-Tech Systems, Inc. Reference Guide 5
6. On the Main Menu, click the Setup Wizard button. The Password dialog box displays.
7. Type admin (admin is the default user name) in the user name box and leave the password box
empty.
Note: To change your password after logging in, select the Advanced Settings button and
Administrative Settings.
8. Click OK. The Setup Wizard screen displays a step-by-step process that lets you input all of the
basic settings to configure your RF560VPN.
9. Select the Time Zone, and then click the Next button to continue.
IAS Server Setup in Windows 2000
Multi-Tech Systems, Inc. Reference Guide 6
10. For Device IP Settings enter the internal LAN IP address and subnet mask that you want assigned
to the LAN ports of the RF560VPN. This is not the IP address from your ISP but the local internal
LAN IP address. The default IP address is 192.168.2.1 and will be used for our example.
Device IP Address: 192.168.2.1.
Device IP Subnet Mask: 255.255.255.0
Click the Next button.
IAS Server Setup in Windows 2000
Multi-Tech Systems, Inc. Reference Guide 7
11. For ISP Settings, select Static IP Settings and enter the following information.
a) IP Assigned by your ISP: This is the IP address of the WAN port on the RF560VPN at Site A.
(Ex: 204.26.122.103)
b) IP Subnet Mask: This is the IP address of the subnet mask for the WAN port on the RF560VPN.
(Ex: 255.255.255.0)
c) IP Gateway Address: This is the IP address of the WAN port on the RF560VPN at Site B. (Ex:
204.26.122.50)
Click the Next button.
Note: For this scenario of connecting two RouteFinders back-to-back it is not necessary to enter any
information for the ISP Additional Settings or Modem Settings.
IAS Server Setup in Windows 2000
Multi-Tech Systems, Inc. Reference Guide 8
12. Click the button on the left side of the screen for VPN Settings. Use this screen to setup your LAN-
to-Client VPN connection.
13. Select PPTP Settings.
a) Place a checkmark in Enable PPTP Function and create a PPTP IP Pool from 192.168.2.190 to
192.168.2.200.
b) Place a checkmark in NETBIOS Enable and specify a DNS Server as 204.26.122.2 and WINS
Server as 204.26.122.3.
c) Specify User Authentication as MS-CHAP.
d) Specify Encryption Strength as 128 bit.
e) Enable Use RADIUS Authentication.
f) Specify RADIUS Port as 1812.
g) Specify RADIUS Server IP Address as 192.168.2.100
h) Specify Secret password that will match the password for RADIUS Server.
i) Once the VPN PPTP settings are entered, click on the Next button to save these settings.
IAS Server Setup in Windows 2000
Multi-Tech Systems, Inc. Reference Guide 9
15. After you have finished making all the changes on the various pages, click Save and Restart to save
the settings and restart the device. After the restart, the device will function according to the saved
settings.
16. During the save and restart process, system messages will let you know that you have successfully
configured the settings for the device and saved the settings. You will see a status bar across the
bottom of your browser showing the progress of the startup process. The RouteFinder home page will
be loaded automatically after restart is completed.
This completes the configuration of the RF560VPN at Site A.
IAS Server Setup in Windows 2000
Multi-Tech Systems, Inc. Reference Guide 10
HOW TO: Configure a Primary Internet Authentication
Service Server on a Domain Controller
This step-by-step article describes how to install and configure Microsoft Internet Authentication Service
(IAS) on a domain controller. This applies to Windows 2000 Server and Advanced Server.
IAS can run as a Remote Authentication Dial-In User Service (RADIUS) server. You can use IAS for
centralized authentication and accounting of multiple Routing and Remote Access Service (RRAS)
servers.
To install IAS:
1. Click Start, point to Settings, and then click Control Panel.
2. Double-click Add/Remove Programs, and then click Add/Remove Windows Components.
3. In the Components list, click the words Networking Services (but do not select or clear its
check box), and then click Details.
4. Click to select the Internet Authentication Service check box, and then click OK.
5. Click Next, and then click Finish.
6. In the Add/Remove Programs dialog box, click Close.
7. To start IAS, click Start, point to Programs, point to Administrative Tools, and then click
Internet Authentication Service.
Enable IAS to Authenticate Users in Active Directory
To register the IAS service in Active Directory:
1. Start the IAS snap-in. To do this, click Start, point to Programs, point to Administrative Tools,
and then click Internet Authentication Service.
2. On the Action menu, click Register Service in Active Directory.
3. Click OK to confirm the IAS registration in the local domain, and then click OK.
Configure IAS Properties
1. Start the IAS snap-in. To do this, click Start, point to Programs, point to Administrative Tools,
and then click Internet Authentication Service.
2. Right-click Internet Authentication Service (Local), and then click Properties.
3. In the Description box, type the friendly name that you want to call this IAS server.
4. Click to clear the Log rejected or discarded authentication requests check box if you do not
want to record these events.
NOTE: You can use this log file to help you to determine if unauthorized individuals are
attempting to be authenticated in the domain.
IAS Server Setup in Windows 2000
Multi-Tech Systems, Inc. Reference Guide 11
5. Click to clear the Log successful authentication requests check box if you do not want to
record these events.
NOTE: You can use this log file to help you to determine usage patterns of remote users.
6. Click the RADIUS tab. Note the authentication and accounting port numbers. Set authentication
to 1812, matching the routefinder. If your IAS server is configured behind a firewall, you may
need to open these ports to allow authentication and accounting of the remote users.
7. Click the Realms tab. The Realms rules are used to define how the user identity is manipulated
before the name is checked for existence. To add a Realm:
1. Click Add.
2. In the Find box, type the form of the user identity that you expect to receive during an
authentication attempt. In the Replace box, type the manner in which you would like to
format the identity, and then click OK. For example:
§To remove a realm (example: @example.com) from which an identity may
originate, type @example.com in the Find box, and leave the contents of the
Replace box blank.
§To replace a User Principal Name (UPN)(@) format with that of the Universal
Naming Convention (UNC)(\) format, type (.*)@(.*) in the Find box, and then type
$2\$1 in the Replace box.
§To replace \ with \, type (.*)@(.*) in the Find box, and then type \$2 in the
Replace box.
§To convert a user name to a UPN name, for example, to change to , type $ in the
Find box, and then type @domain.com in the Replace box.
8. When you are finished adding items to the Realm list, click OK.
9. Quit the IAS snap-in.
Configure IAS Client Computers
Add Network Access Server (NAS) client computers to the IAS server. The NAS clients are remote
access or Virtual Private Network (VPN) servers that submit authentication requests to the IAS server on
behalf of the remote users. To configure NAS clients:
1. Start the IAS snap-in. To do this, click Start, point to Programs, point to Administrative Tools,
and then click Internet Authentication Service.
2. Right-click Clients, and then click New Client.
3. In the Friendly name box, type the name that you want to call this NAS client, and then click
Next.
4. In the Client address (IP or DNS) box, type the fully qualified domain name (FQDN) of the client
computer, and then click Verify.
5. Click Resolve to resolve the DNS name.
6. When the correct IP address for the Routing and Remote Access Server (RRAS) appears in the
Search results box, click Use this IP.
7. In the Client-Vendor list, leave the default selection of RADIUS Standard unless you are
configuring a non-standard RADIUS client.
IAS Server Setup in Windows 2000
Multi-Tech Systems, Inc. Reference Guide 12
8. In the Shared secret box, type a password that both the IAS server and the NAS client will use to
mutually authenticate.
NOTE: You will need to enter this password on the NAS client computer. This password is case-
sensitive, can use alphanumeric characters as well as special characters, and can be up to 255
characters in length. A longer "shared secret" is more secure than a shorter one.
9. Retype the password in the Confirm shared secret box, and then click Finish. The client is
listed in the right pane of the Internet Authentication Service snap-in window.
Configure Remote Access Policies
When you configure your RRAS servers to use an IAS server for authentication, the Remote Access
Policies on the individual RRAS servers are no longer used. Instead, you must configure remote access
policies on the IAS server to control authentication for all remote access clients.
Create a Remote Access Policy
1. Start the IAS snap-in. To do this, click Start, point to Programs, point to Administrative Tools,
and then click Internet Authentication Service.
2. Click Remote Access Policies.
3. In the right pane of the Internet Authentication Service snap-in window, right-click Allow
access if dial-in permission is enabled, and then click Delete. Click Yes to confirm the
deletion.
4. On the Action menu, click New Remote Access Policy. Create a new remote access policy and
add the two rules. For additional information about how to create remote access policies, review
the references at the end of this document.
5. Now stop and restart the IAS client computer.
IAS Server Setup in Windows 2000
Multi-Tech Systems, Inc. Reference Guide 13
REFERENCES
For more information about IAS, view the following Microsoft Web site:
http://www.microsoft.com/windows2000/en/server/help/default.asp?url=/windows2000/en/server/help/sag
_ias_usingtop.htm
Additional information about RADIUS is contained in the following Request for Comment documents:
RFC 2138
RFC 2139
To view these documents, view the following Web sites:
http://www.cis.ohio-state.edu/cgi-bin/rfc/rfc2138.html
http://www.cis.ohio-state.edu/cgi-bin/rfc/rfc2139.html
Other manuals for RouteFinder RF560VPN
3
Other Multitech Server manuals
Multitech
Multitech FaxFinder FF240-IP Service manual
Multitech
Multitech TalkAnytime TA410 User manual
Multitech
Multitech CommPlete 4000 User manual
Multitech
Multitech FaxFinder FF130 Service manual
Multitech
Multitech FaxFinder FF240-IP User manual
Multitech
Multitech MA6 User manual
Multitech
Multitech RASFinder RF300E User manual
Multitech
Multitech TalkAnytime TA2410 User manual
Multitech
Multitech MultiModem iSMS SF100-G Service manual
Multitech
Multitech MultiAccess MULTIACCESS MA30120 User manual
Multitech
Multitech SocketEthernetIP EN60601 User manual
Multitech
Multitech MultiModem iSMS SF100-G User manual
Multitech
Multitech TalkAnytime TA2410 User manual
Multitech
Multitech FaxFinder User manual
Multitech
Multitech ProxyServer MTPSR1-202ST User manual
Multitech
Multitech PROXYSERVER MTPSR1-120 User manual
Multitech
Multitech FaxFinder FF-120 User manual
Multitech
Multitech MultiModem iSMS SF100-G User manual
Multitech
Multitech MTASR3-200 User manual
Multitech
Multitech FaxFinder FF240 User manual
