In general, VPN users connect to a VPN server by entering a password. Entering a password in a public place risks leaking it, which can result in unnecessary losses. The Password Authentication Protocol (PAP) has lower hardware requirements than the Challenge Handshake Authentication Protocol (CHAP), but in terms of security it still falls short of CHAP. Which authentication protocol to use should be decided according to the security level the user requires. In the experiment I did today, a VPN user outside the network connects to the VPN server to access resources within the domain without entering a password; instead, the VPN user is authenticated through the CA server.
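To make the PAP versus CHAP comparison concrete, the following Python example (added here, not part of the original article) builds a PAP Authenticate-Request as laid out in RFC 1334 and a CHAP MD5 response as defined in RFC 1994, then checks what each one exposes on the link. The user name and password are constructed sample values.

```python
import hashlib
import hmac
import os
import struct

# Constructed sample credentials (not from the original page).
USER = b"vpnuser"
SECRET = b"S3cret-Passw0rd"


def pap_authenticate_request(identifier: int, peer_id: bytes, password: bytes) -> bytes:
    """PAP Authenticate-Request (RFC 1334): code 1, id, length, then
    length-prefixed Peer-ID and Password, both in the clear."""
    data = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!BBH", 1, identifier, 4 + len(data)) + data


def chap_response_value(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP with MD5 (RFC 1994): MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def chap_verify(identifier: int, secret: bytes, challenge: bytes, value: bytes) -> bool:
    """Server side: recompute the expected value and compare in constant time."""
    expected = chap_response_value(identifier, secret, challenge)
    return hmac.compare_digest(expected, value)


def demo() -> dict:
    # What a listener on the link sees for PAP: the password itself.
    pap_packet = pap_authenticate_request(1, USER, SECRET)

    # CHAP: the server sends a fresh random challenge for each authentication.
    challenge1 = os.urandom(16)
    value1 = chap_response_value(1, SECRET, challenge1)

    # A captured response does not verify against the next challenge.
    challenge2 = os.urandom(16)
    return {
        "pap_exposes_password": SECRET in pap_packet,
        "chap_exposes_password": SECRET in value1,
        "chap_accepts_fresh": chap_verify(1, SECRET, challenge1, value1),
        "chap_accepts_replay": chap_verify(2, SECRET, challenge2, value1),
    }


if __name__ == "__main__":
    for key, result in demo().items():
        print(f"{key}: {result}")
```

Both protocols still rely on a password shared between user and server, which is the dependency the certificate-based setup in the rest of this article removes.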
Experimental environment: Beijing is the intranet domain controller, DNS server, CA server and RADIUS server, with IP 10.1.1.1. Shanghai is the ISA Server and VPN server, with intranet network card IP 10.1.1.254 and external network card IP 192.168.0.199. Tianjin is the client on the external network, with IP 192.168.0.123. Note: Shanghai is in a workgroup environment.
Since this is CA authentication, certificate support is needed to implement the CA-encrypted connection. So first install the certificate; it is installed on the domain controller. How do I install the certificate?
First, install the CA certificate server
Go to Start -- Settings -- Control Panel -- Add or Remove Programs -- Add/Remove Windows Components -- Certificate Services. The following dialog box then appears.
We issue an enterprise root certificate.
Enter the name of the company for the certificate. We define it as "itet".
After clicking "Next", the wizard prompts that installing the certificate requires suspending the Internet service; we choose "Yes".