
Respond To A Certificate-based EAP Connection On Windows Server 2k3

- 28 February 2011, 04:02

EAP is intended to be used in network access authentication between Layer 2 and Layer 3 of the OSI model, where IP layer connectivity may not be available. The Windows Server 2003 operating system allows you to secure your WAN connections over demand-dial interfaces using certificate-based EAP. To do this, you configure one end of the demand-dial link to initiate a certificate-based EAP connection and the other end of the WAN link to answer the certificate-based EAP call.

In the following paragraphs you'll learn how to set up the Windows Server 2003 operating system to respond to a certificate-based EAP connection over demand-dial interfaces. This article is written for LAN administrators, Windows administrators and students preparing for Windows Server 2003 certifications. It can also be useful for people studying for the CCNA (Cisco Certified Network Associate) certification exam.

Upon the completion of the following instructions, you’ll be able to secure your WAN connections over demand-dial interfaces using certificate-based EAP:

Step 1: Open Routing and Remote Access MMC (Microsoft Management Console).

Step 2: Right-click the name of the remote access router, and then click on Properties.

Step 3: Click on Authentication Methods located under the Security tab.

Step 4: Activate the check box “Extensible authentication protocol (EAP)”, and then click on OK in the dialog box “Authentication Methods”.

Step 5: Click on OK.

Step 6: In the tree structure of the console, double-click on the name of the router, and then click on Remote Access Policies.

Step 7: Right-click the remote access policy which will be used by certificate-based routers, click on Properties, and then click on Edit profile in the details pane.

Step 8: Under the tab “Authentication”, activate the check box “Extensible Authentication Protocol”, click on Smart card or other certificate (TLS), and then click on Configure.

Step 9: In the dialog box “Smart Card or Other Certificate (TLS) Properties”, select the certificate that you want to use, and then click on OK.

Step 10: Click on OK in order to save the profile’s parameters.

Step 11: Click on OK to save the parameters of the policy.

When configuring the router that should initiate the EAP authentication, keep in mind that if the root certification authority of the answering router does not appear, then it is possible that the certificate of this certification authority is in the personal store rather than in the store of trusted root certification authorities.
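
A command-line check for the certificate-store caveat above, as an added example that is not part of the original article. It assumes `certutil` and the `netsh ras` context are available on the router, and the CA name passed on the command line is a placeholder for the subject common name of your own root CA.

```batch
@echo off
rem Added example, not from the original article.
rem Usage: check-eap-root.cmd "Example Root CA"
rem "Example Root CA" is a placeholder for your root CA's subject common name.
setlocal
if "%~1"=="" (
    echo Usage: %~nx0 "Root CA common name"
    exit /b 2
)
set "CA=%~1"

rem Show which authentication types RRAS currently accepts; EAP should be listed
rem on the answering router after Step 4.
echo === Authentication types enabled on this RRAS server ===
netsh ras show authtype
echo.

rem certutil returns a failure code when no certificate in the store matches the
rem name, so the && branch runs only when a match exists.
rem Failure codes can be negative, so "if errorlevel 1" is not used here.
certutil -store Root "%CA%" >nul 2>&1 && (
    echo OK: "%CA%" is in the computer's Trusted Root Certification Authorities store.
    exit /b 0
)

rem Not in Trusted Root: look for the misplaced copy in the Personal stores.
certutil -store My "%CA%" >nul 2>&1 && (
    echo PROBLEM: "%CA%" is in the computer's Personal store, not in Trusted Root.
    echo Import the CA certificate into Trusted Root Certification Authorities.
    exit /b 1
)
certutil -user -store My "%CA%" >nul 2>&1 && (
    echo PROBLEM: "%CA%" is in the current user's Personal store, not in Trusted Root.
    echo Import the CA certificate into the computer's Trusted Root store.
    exit /b 1
)

echo NOT FOUND: no certificate matching "%CA%" in Trusted Root or Personal stores.
exit /b 3
```

Run it from a command prompt opened with administrative credentials on the router being checked; an exit code of 0 means the root CA certificate is where the EAP configuration dialog expects it.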

Finally, take into account that you should be a member of the Administrators group in order to execute this procedure. If you are logged on with the credentials of a member of the Administrators security group, you can also open the Routing and Remote Access MMC (Microsoft Management Console) by double-clicking on Routing and Remote Access in the Administrative Tools folder, which you can reach by clicking on Start and then on Control Panel. It is suggested to right-click the Routing and Remote Access icon and then click on the Run As option rather than to open a Windows session using the credentials of a member of the Administrators group.

The CCNA exam is not an easy exam, and I suggest you purchase one CCNA study guide from the ones available on the market and purchase a CCNA lab workbook to pass your exam and build up your routing and switching skills.


Article from articlesbase.com
