The RADIUS authentication process in ISA Server 2006 and ISA Server 2004

This article discusses Remote Authentication Dial-In User Service (RADIUS) authentication in Microsoft Internet Security and Acceleration (ISA) Server 2006 and ISA Server 2004.

RADIUS authentication is useful when ISA Server is installed in workgroup mode. RADIUS servers do not require domain membership of RADIUS clients. The ISA Server computer acts as a RADIUS client from which authentication requests originate. ISA Server passes information about a user to a designated RADIUS server and then acts on the response that the RADIUS server returns. Transactions between the ISA Server computer and the RADIUS server are authenticated by a shared secret. The shared secret is never sent over the network.

RADIUS servers authenticate the following requests:

• Incoming remote client virtual private network (VPN) requests to ISA Server
• Outgoing requests from internal clients
• Requests from external clients in publishing scenarios

For more information about how to use RADIUS authentication for ISA Server 2006, visit the following Microsoft Web site:

For more information about how to use RADIUS authentication for ISA Server 2004 VPN remote client connections, visit the following Microsoft Web site:

For more information about Outlook Web Access server publishing in ISA Server 2004 by using RADIUS and Forms-based client authentication, visit the following Microsoft Web site: