Step 2: Configure Network Policy Server
To configure the Network Policy Server
- On the Network Policy Server, start the Network Policy Server tool (nps.msc).
- In the left pane, expand the Policies node to select Network Policies.
- In the right pane, right-click the network policy you want to use for Defender, and then on the shortcut menu click Properties.
- In the dialog box that opens, click the Constraints tab.
- Below the EAP types list, click the Add button.
- In the dialog box that opens, select Defender 5 from the list, and then click OK.
- In the EAP types list, select the Defender 5 entry you have just added, and then click the Edit button below the list. The following dialog box opens:
- Use the following elements:
- Address Type the IP address of the Defender Security Server you want to use for user authentication
- Port Type the port used by the Access Node to which the specified Defender Security Server belongs.
- Shared Secret Type the shared secret that corresponds to the Access Node.
- Click OK.
Step 3: Configure VPN connection on the client computer
In this step, you need to configure the authentication settings of the VPN connection you created on the VPN client computer.
To configure VPN connection
- Open the properties of the VPN connection you created on the VPN client computer in Step 1: Install Defender EAP Agent.
- In the Properties dialog box, click the Security tab.
- Make sure that in the Authentication area you select the Use Extensible Authentication Protocol (EAP) option, and then select Defender 5 (encryption enabled) from the list below the option:
- Click OK to close the dialog box.
Now when you connect through the configured VPN connection on the client computer, a Defender dialog box opens prompting you to type the response provided by your token.
Authenticating via EAP Agent
When you attempt to access information via your VPN, the Defender authentication dialog box is displayed:
In the Response field, type the response displayed on your token. Select OK. If authentication is successful, you are allowed to access the network.
Securing Web sites
You can use Defender to secure access to websites hosted on Microsoft Web Server (IIS). For that you need to use the Defender component called the ISAPI Agent.
The ISAPI Agent acts as an ISAPI filter and requires users to authenticate via Defender in order to get access to the websites hosted on IIS.