[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] IAS(RADIUS) with Nokia IP330
More than likely, Firewall-1 is using PAP authentication which is disabled by default on the IAS for Windows 2000. To enable it, select the Remote Acces Policy(ies) in question, right-click, then click the Edit Profile button. Then select the Authentication page tab, and enable "Unencrypted Authentication (PAP, SPAP). I just recently worked through this myself. Also, like Dan mentioned, you may need to modify the default policy and give your users dial-in permission through the User and Group management tool of Windows 2000. Good luck...Rob -------------------------------------------------------------- Robert Phillips IBM Global Services Network Services - South Chattanooga, TN 37402 rphillips@us.ibm.com-------------------------------------------------------------- |--------+----------------------------------------------> | | Dan Hitchcock <[email protected]> | | | Sent by: | | | [email protected]| | | kpoint.com | | | | | | | | | 02/05/2001 12:35 PM | | | | |--------+----------------------------------------------> >----------------------------------------------------------------------------| | | | To: "'Samuel Wuethrich'" <[email protected]>, "'Emmanuel | | Bailleul'" <[email protected]>, "'Robert Jones '" | | <[email protected]>, | | "'[email protected] '" | | <[email protected]> | | cc: | | Subject: RE: [FW1] IAS(RADIUS) with Nokia IP330 | >----------------------------------------------------------------------------| -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Another thought: the default install provides only one rule, which denies access to users who have dialin permission. Modify that rule to allow, grant the user dialin access, and give it another try. You can also add other rules pretty easily (based on NT group membership, etc). Hope that helps... Dan Hitchcock Network [email protected] Xylo, Inc. The work/life solution for corporate thought leaders - -----Original Message----- From: Samuel Wuethrich [mailto:[email protected]] Sent: Monday, February 05, 2001 2:54 AM To: 'Emmanuel Bailleul'; 'Robert Jones '; '[email protected] ' Subject: RE: [FW1] IAS(RADIUS) with Nokia IP330 Additionaly: Have you enabled your users on the Win2000 Domain to use IAS? Can't remember where to set, but I'm aware of because I've stumbled over and over again. sAM - -----Original Message----- From: Emmanuel Bailleul [mailto:[email protected]] Sent: Montag, 5. Februar 2001 10:32 To: 'Robert Jones '; '[email protected] ' Subject: RE: [FW1] IAS(RADIUS) with Nokia IP330 Is Radius an authorized scheme for your fw ? (fw object -> authentication tab) Did u use the syntax DOMAIN\user for your user ? - -----Original Message----- From: Robert Jones To: [email protected] Sent: 03/02/01 07:55 Subject: [FW1] IAS(RADIUS) with Nokia IP330 Has anyone successfully set up IAS for Radius authentication with a Nokia firewall, using Checkpoing FW-1 4.x? I have set up a hyrbid IKE encryption VPN that works great when I use a vpn-1 password. I am now trying to set it up to authorize a user from my win 2000 domain. I set up a Radius Server on the firewall with a shared secret, a network object for the the Radius server, and a vpn user for RADIUS. When I try to log into the VPN with the username for radius, I get a message: Negotiation with firewall failed at site <ip address> has failed. Access denied by RADIUS authentication. I looked in the event viewer and saw the error warning: The user attempted to use an unauthorized authentication method. What am I doing wrong? (I'm sure I'm leaving information out but I would appreciate the help!!!!!) Thanks. BJ Jones ====================================================================== ====== ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ====================================================================== ====== ==== ====================================================================== ========== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ====================================================================== ========== -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com> iQA/AwUBOn7kkxArCuPXdFG6EQK9CQCgqkyzrBPjYuhpzX2FoJZ4dWEJI18AoJTC srnwQMEXYJcgGfoVXI6u6/Xz =+pju -----END PGP SIGNATURE----- ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================ ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|