NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] IAS(RADIUS) with Nokia IP330





More than likely, Firewall-1 is using PAP authentication which is disabled by
default on the IAS for Windows 2000.

To enable it, select the Remote Acces Policy(ies) in question, right-click, then
click the Edit Profile button. Then select the Authentication page tab, and
enable "Unencrypted Authentication (PAP, SPAP). I just recently worked through
this myself.

Also, like Dan mentioned, you may need to modify the default policy and give
your users dial-in permission through the User and Group management tool of
Windows 2000.

Good luck...Rob

--------------------------------------------------------------
Robert Phillips
IBM Global Services
 Network Services - South
Chattanooga, TN 37402
rphillips@us.ibm.com--------------------------------------------------------------


|--------+---------------------------------------------->
|        |          Dan Hitchcock <[email protected]>       |
|        |          Sent by:                            |
|        |          [email protected]|
|        |          kpoint.com                          |
|        |                                              |
|        |                                              |
|        |          02/05/2001 12:35 PM                 |
|        |                                              |
|--------+---------------------------------------------->
  >----------------------------------------------------------------------------|
  |                                                                            |
  |       To:     "'Samuel Wuethrich'" <[email protected]>, "'Emmanuel |
  |       Bailleul'" <[email protected]>, "'Robert Jones '"          |
  |       <[email protected]>,                                         |
  |       "'[email protected] '"                        |
  |       <[email protected]>                           |
  |       cc:                                                                  |
  |       Subject:     RE: [FW1] IAS(RADIUS) with Nokia IP330                  |
  >----------------------------------------------------------------------------|




-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Another thought: the default install provides only one rule, which
denies access to users who have dialin permission.  Modify that rule
to allow, grant the user dialin access, and give it another try.  You
can also add other rules pretty easily (based on NT group membership,
etc).  Hope that helps...

Dan Hitchcock
Network [email protected]
Xylo, Inc.
The work/life solution for corporate thought leaders


- -----Original Message-----
From: Samuel Wuethrich [mailto:[email protected]]
Sent: Monday, February 05, 2001 2:54 AM
To: 'Emmanuel Bailleul'; 'Robert Jones ';
'[email protected] '
Subject: RE: [FW1] IAS(RADIUS) with Nokia IP330



Additionaly: Have you enabled your users on the Win2000 Domain to use
IAS?
Can't remember where to set, but I'm aware of because I've stumbled
over and
over again.

sAM

- -----Original Message-----
From: Emmanuel Bailleul [mailto:[email protected]]
Sent: Montag, 5. Februar 2001 10:32
To: 'Robert Jones '; '[email protected] '
Subject: RE: [FW1] IAS(RADIUS) with Nokia IP330



 Is Radius an authorized scheme for your fw ? (fw object ->
authentication
tab)
Did u use the syntax DOMAIN\user for your user ?

- -----Original Message-----
From: Robert Jones
To: [email protected]
Sent: 03/02/01 07:55
Subject: [FW1] IAS(RADIUS) with Nokia IP330

Has anyone successfully set up IAS for Radius authentication with a
Nokia firewall, using Checkpoing FW-1 4.x?

I have set up a hyrbid IKE encryption VPN that works great when I use
a
vpn-1 password.  I am now trying to set it up to authorize a user
from
my win 2000 domain.  I set up a Radius Server on the firewall with a
shared secret, a network object for the the Radius server, and a vpn
user for RADIUS.  When I try to log into the VPN with the username
for
radius, I get a message: Negotiation with firewall failed at site <ip
address> has failed. Access denied by RADIUS authentication.  I
looked
in the event viewer and saw the error warning: The user attempted to
use
an unauthorized authentication method.

What am I doing wrong? (I'm sure I'm leaving information out but I
would
appreciate the help!!!!!)
Thanks.

BJ Jones



======================================================================
======
====
     To unsubscribe from this mailing list, please see the
instructions at
               http://www.checkpoint.com/services/mailing.html
======================================================================
======
====


======================================================================
==========
     To unsubscribe from this mailing list, please see the
instructions at
               http://www.checkpoint.com/services/mailing.html
======================================================================
==========

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>

iQA/AwUBOn7kkxArCuPXdFG6EQK9CQCgqkyzrBPjYuhpzX2FoJZ4dWEJI18AoJTC
srnwQMEXYJcgGfoVXI6u6/Xz
=+pju
-----END PGP SIGNATURE-----


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================







================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.