
Re: [FW1] RADIUS Setup



Hello Patrick,

I am really new to FW-1, but I will have to set up a firewall similar
to the one you set up.

Did you read about Hybrid mode IKE? I don't have the URL of the
documents now with me, but if you want I can send it to you privately.
If not I think you should.

I tried to implement a solution similar to the one you did, but had
some problems (different from the one you had).

Hope it helps,

MaX

PS
PLEASE write me if this setup works correctly or if you have problems
because I am going to set up a network similar to the one you have.

Saturday, March 17, 2001, 4:42:01 PM, you wrote:


PB> All,

PB> FW-1 4.1 SP3
PB> NT sp6a

PB> RADIUS - W2k IAS

PB> I have defined the following:

PB>  Firewall Object:       Authentication Tab - RADIUS
PB>  I have defined a network object for my RADIUS server (Call it Radius1)
PB>  I have created a RADIUS server object - entered the shared secret
PB>         - I have selected RADIUS V2.0
PB>  I have created a RADIUS Group object, and placed the above RADIUS Server
PB> object in it.
 
PB>  I have created the generic* user, added RADIUS, with my RADIUSServer group.
PB> I have added the generic* user to the appropriate SR group for rule
PB> definition.

PB>  I have unchecked the 'allow fw-1, blah, blah connections' in the properties
PB> pane and have defined the appropriate connection rules manually
PB> (topo,key,IKE,mgmt, etc...->they all work)

PB>  Before my stealth rule I have added the following rule:
PB>   FW    Radius1 UDP RADIUS      Accept  Long    SRC

PB>  On the w2k IAS server, I have added the FW object for authentication and
PB> enabled it in active directory.  The server does appear in the RAS & IAS
PB> Servers group.  The user does have RAS access enabled

PB> I get no loggin message on the RADIUS server about authentication even being
PB> attempted, but I get the following in the firewall logs:
PB>   reject rule 0 reason Refused Topology request.  Authentication scheme not
PB> allowed for user.

PB> 1 Question, do I need the routing and remote access service running on the
PB> IAS machine?

PB> If I switch to fw-1 password on the firewall object, my SR rules work fine.

PB> Can someone please tell me what I'm missing, I'm going crazy!!!!


PB> thanks in advance.

PB> PDB


PB> ================================================================================
PB>      To unsubscribe from this mailing list, please see the instructions at
PB>                http://www.checkpoint.com/services/mailing.html
PB> ================================================================================



-- 
Best regards,
 MaXsecurity                            mailto:[email protected]







   All contents © 2004 Network Presence, LLC. All rights reserved.