Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] "Radius server not responding"

To: nora tay <[email protected]>, [email protected]
Subject: Re: [FW1] "Radius server not responding"
From: Peter Goodridge <[email protected]>
Date: Thu, 9 Nov 2000 18:36:38 -0800 (PST)
Sender: [email protected]

Hi Nora Tay,

First off the management server is not in the loop. 
All the RADIUS traffic is from the firewall to the
RADIUS server directly.

Next if you are accepting fw1 control connections in
policy properties you are also accepting RADIUS
coonections from your firewalls.  This may mask the
rules you set up for RADIUS traffic.

You'll also need to check your NAT rules and define
the RADIUS server with a public and/or private address
depending on the NAT rules.

If you are not seeing all this traffic in the logs do
not be surprised.  My RADIUS traffic doesn't always
show in the logs.  I suspect it's because the traffic
is originating from the firewall itself, and I'm only
chekcing packets inbound to the firewall.  If you
change in policy->properties Apply gateway rules from
inbound to eitherbound you should log more
information.

Let me know if you have more questions.

HTH,
Pete Goodridge

--- nora tay <[email protected]> wrote:
> 
> guru's
> 
> Please help.
> 
> I had setup two NOKIA IP650 running VRRP and
> clustered.  And I had a Radius 
> server (CISCO) in a internal network. My management
> Console is on a public 
> address )(the management console have static route
> to my Radius server)They 
> can ping each others.
> 
> But I had encounter this messages "Radius Server not
> responding" when a 
> client telnet in.  I had check the log of FW, but I
> don't see any outgoing 
> traffic from the FW to Radius server.
> 
> Can someone tell or direct to a document, explain
> how the Client Authication 
> work while using external radius server for
> authication, I need to known the 
> flow of the traffic to solve the problem,
> 
> Or can someone help me with this.
> 
> Millions thank you.
> 
> 
> 
> 
> 
>
_________________________________________________________________________
> Get Your Private, Free E-mail from MSN Hotmail at
> http://www.hotmail.com.
> 
> Share information about yourself, create your own
> public profile at 
> http://profiles.msn.com.
> 
> 
> 
>
================================================================================
>      To unsubscribe from this mailing list, please
> see the instructions at
>               
> http://www.checkpoint.com/services/mailing.html
>
================================================================================

__________________________________________________
Do You Yahoo!?
Thousands of Stores.  Millions of Products.  All in one Place.
http://shopping.yahoo.com/

================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: RE: [FW1] Action drop - Rule 0
Next by Date: RE: [FW1] "Radius server not responding"
Previous by thread: RE: [FW1] "Radius server not responding"
Next by thread: [FW1] FW-1 and Cisco IOS VPN. Is that possible ?
Index(es):
- Date
- Thread