Re: [FW1] RADIUS Setup
Hello Patrick,

I am really new to FW-1, but I will have to set up a firewall similar to the one you set up. Did you read about Hybrid mode IKE? I don't have the URL of the documents now with me, but if you want I can send it to you privately. If not, I think you should. I tried to implement a solution similar to the one you did, but had some problems (different from the one you had).

Hope it helps,
MaX

PS PLEASE write me if this setup works correctly or if you have problems, because I am going to set up a network similar to the one you have.

Saturday, March 17, 2001, 4:42:01 PM, you wrote:

PB> All,

PB> FW-1 4.1 SP3
PB> NT sp6a
PB> RADIUS - W2k IAS

PB> I have defined the following:

PB> Firewall Object: Authentication Tab - RADIUS
PB> I have defined a network object for my RADIUS server (Call it Radius1)
PB> I have created a RADIUS server object - entered the shared secret
PB> - I have selected RADIUS V2.0
PB> I have created a RADIUS Group object, and placed the above RADIUS Server
PB> object in it.
PB> I have created the generic* user, added RADIUS, with my RADIUSServer group.
PB> I have added the generic* user to the appropriate SR group for rule
PB> definition.
PB> I have unchecked the 'allow fw-1, blah, blah connections' in the properties
PB> pane and have defined the appropriate connection rules manually
PB> (topo,key,IKE,mgmt, etc...->they all work)

PB> Before my stealth rule I have added the following rule:

PB> FW Radius1 UDP RADIUS Accept Long SRC

PB> On the w2k IAS server, I have added the FW object for authentication and
PB> enabled it in active directory. The server does appear in the RAS & IAS
PB> Servers group. The user does have RAS access enabled.

PB> I get no loggin message on the RADIUS server about authentication even being
PB> attempted, but I get the following in the firewall logs:

PB> reject rule 0 reason Refused Topology request. Authentication scheme not
PB> allowed for user.

PB> 1 Question, do I need the routing and remote access service running on the
PB> IAS machine?

PB> If I switch to fw-1 password on the firewall object, my SR rules work fine.

PB> Can someone please tell me what I'm missing, I'm going crazy!!!!

PB> thanks in advance.

PB> PDB

PB> ================================================================================
PB> To unsubscribe from this mailing list, please see the instructions at
PB> http://www.checkpoint.com/services/mailing.html
PB> ================================================================================

--
Best regards,
MaXsecurity mailto:[email protected]