Configure Authentication Methods

Updated: April 30, 2010

Applies To: Windows Server 2008, Windows Server 2008 R2

By default, the answering router is configured to accept either EAP-TLS or MS-CHAP v2 as the authentication method. To increase security, use either EAP-TLS alone or EAP-TLS along with MS-CHAP v2. Alternatively, you can use MS-CHAP v2 with passwords for user authentication.

Configure the authentication method on the answering router

Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure.

1. On the answering router, specify which authentication method or methods to accept.

   By default, the answering router is configured to accept either EAP-TLS or MS-CHAP v2.

   • To increase security, if you plan to use EAP-TLS only, clear the MS-CHAP v2 selection.

     -or-

   • To use MS-CHAP v2 with passwords for user authentication, clear the EAP-TLS selection.

   For information about how to add or clear authentication methods, see Enable Authentication Protocols.

2. If you select only EAP-TLS authentication, see Deploying Certificate-Based Authentication for Demand-Dial Routing.

See Also

Concepts

User-Level Authentication
Computer-Level Authentication
Remote Access Authentication Methods