How to Centralize Remote Access Policies Using RADIUS

Remote access policies are local to the Windows Server 2003 where they are created. Therefore, you cannot synchronize remote access policies between servers. In addition, because remote access policies cannot be integrated with Active Directory, they can’t really be replicated as part of Active Directory replication.

If you have more than one remote access server, rather than administer the remote access policies of all the remote access servers separately, you can configure a single server with the Internet Authentication Service (IAS) as a Remote Authentication Dial-In User Service (RADIUS) server and configure the remote access servers as RADIUS clients. The IAS server provides centralized remote access authentication, authorization, accounting, and auditing. This provides a powerful way to centralize remote access policies, especially in large distributed environments.

When you configure the properties of the server running Routing and Remote Access, select RADIUS authentication as the authentication provider. Once the remote access servers are configured to use RADIUS authentication, the remote access policies stored on the remote access servers are no longer used. Instead, the remote access policies stored on the IAS server are used. Therefore, if one of the remote access servers contains the current set of remote access policies that are applied to all of the remote access servers, you can copy the remote access policies to the IAS server. Click here for the step-by-step procedure for copying the remote access policies to another server.