In the console tree of ISA Server Management, click
Virtual Private Networks (VPN).
In the details pane, click the VPN Clients tab.
On the Tasks tab, click Configure VPN Client
On the User Mapping tab, click Enable User
If the user name to be mapped does not include a domain name,
select When username does not contain a domain, use this
domain. Then, in Domain Name, type the name of the
domain to use.
To open ISA Server Management, click Start, point to
All Programs, point to Microsoft ISA Server, and then
click ISA Server Management.
For ISA Server 2006 Enterprise Edition, expand
Microsoft Internet Security and Acceleration
Server 2006, expand Arrays, expand
Array_Name, and then click Virtual Private
For ISA Server 2006 Standard Edition, expand Microsoft
Internet Security and Acceleration Server 2006, expand
Server_Name, and then click Virtual Private
If the Remote Authentication Dial-In User Service (RADIUS)
server and ISA Server are in different domains (or if one is in a
workgroup), user mapping is supported only for Password
Authentication Protocol (PAP) and Shiva Password Authentication
Protocol (SPAP) authentication methods. Do not use user mapping if
any other authentication method is configured.
User mapping can be used only when ISA Server is installed in a
domain. Do not enable user mapping in a workgroup environment.
The user mapping feature is required only when you create a
group-based firewall policy. To build a user-based policy, you can
define user sets with RADIUS namespaces, instead.