Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Redundent IAS Server Questions with certificates and PEAP

Currently we have about 16 5508 ( at diffrent locations) controllers authentication to one DC running IAS. We've noticed some issues with users not being able to connect sometimes and have decided to install IAS on our secondary DC and have half of the controllers point to the new IAS server.

I'm following this guide:

http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a0080921f67.shtml#conwirecli

However, it 3/4 of the way it starts to talk about certificates? I was under the assumption PEAP using IAS does not need client side certificates since it will be authentication to a Active Directly group?

Does anyone have any thoughts on this?

Thanks,

Dan

  • Security and Network Management
4 REPLIES

Re: Redundent IAS Server Questions with certificates and PEAP

Hi Playne,

If you deploy PEAP its a requirement on the server only, not the client. The prupose of the side certificate is to establish a TLS tunnel for the client to send its logon. This is a server side cert only.

__________________________________________________________________________________________ "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin ___________________________________________________________

Re: Redundent IAS Server Questions with certificates and PEAP

I just took a peek at your reference and I understand your possible confusion. That is showing that the client vaildate the certificate the server is sending. This is not a requirement rather its optional.

This prevents a man in the middle attack.

__________________________________________________________________________________________ "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin ___________________________________________________________
New Member

Redundent IAS Server Questions with certificates and PEAP

Thanks George for the help. The server that I'm setting this up for is actually a windows server 2008. The Cisco guide for for setting PEAP with windows server 2003. So when it gets to the cert parts its a little off.

Do you know of any documents for setting up PEAP with Windows server 2008 (NPS)

thanks for the help,

Dan

Hall of Fame Super Silver

Redundent IAS Server Questions with certificates and PEAP

You can find may guides on how to configure 2008 NPS using PEAP.  The WLC config is the same and IAS and NPS are very similar.

Here is one:

http://www.itechtalk.com/thread1887.html

Thanks, Scott *****Help out other by using the rating system and marking answered questions as "Answered"*****
403
Views
15
Helpful
4
Replies