Microsoft Internet Security and Acceleration Server 2004 SDK
The EnableEAP property gets or sets a Boolean value that indicates whether the Extensible Authentication Protocol (EAP) is enabled. In ISA Server, EAP is used only with the Transport Layer Security authentication scheme (EAP-TLS) for incoming connections.
HRESULT get_EnableEAP( VARIANT_BOOL* pfEnableEAP );
HRESULT put_EnableEAP( VARIANT_BOOL fEnableEAP );
This property is read/write. Its default value is VARIANT_FALSE.
EAP can be used to provide an added layer of security to Point-to-Point Tunneling Protocol (PPTP) and Layer Two Tunneling Protocol (L2TP) VPN connections. EAP enables this functionality through certification authority (CA) and smart card technologies, which provide mutual authentication of the VPN client and the VPN server. To use EAP in a VPN scenario, the server must be configured to accept EAP authentication as a valid authentication method and it must have a user certificate (X.509). The client must be configured to use EAP, and either have a smart card (with a smart card certificate installed) or a user certificate.
On a computer running Windows Server 2003, multiple EAP types are supported. Enabling EAP through this property adds the EAP-TLS type to the list of EAP types that can be used on the computer, and disabling EAP through this property removes the EAP-TLS type from the list of EAP types. If no EAP type remains on the list, EAP is disabled on the computer.
On a Windows 2000 computer, only one EAP type can be enabled. If an EAP type with an authentication scheme other than TLS is enabled, an attempt to enable EAP-TLS in ISA Server through this property will fail. Similarly, an attempt to disable EAP with an authentication scheme other than TLS through this property will also fail.
Property EnableEAP As Boolean
This property is read/write. Its default value is False.
Server: Requires Windows Server 2003 or Windows 2000.
Version: Requires Internet Security and Acceleration Server 2004.
Header: Declared in Msfpccom.idl.
Library: Use Microsoft Internet Security and Acceleration Server 2004 Administration Library.