[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re[2]: [FW1] RADIUS Setup
Hello Patrick, As I said before I did not set a configuration like the one you are going to do, but on checkpoint paper on Ike Hybrid mode there are 2 thing to do you didn't (and I have not deeply understood what are them for). 1) Create a certificate authority on the managment statation. Certificate the firewall. 2) Create a user with IKE Preshared key for the topology download. Hope it helps, MaX PS The Checkpoint paper on hybrid mode is at: http://support.checkpoint.com/kb/docs/public/securemote/4_1/pdf/hybrid-2-10.pdf Saturday, March 17, 2001, 10:07:22 PM, you wrote: PB> The hybrid box is checked. One thing I am noticing is that the rule PB> allowing for RADIUS Auth is not showing as being used in the logs... PB> Also the IAS server uses 1812 & 1813, but has 1645 & 1646 defined as PB> secondaries. PB> -----Original Message----- PB> From: Mike Thomi [mailto:[email protected]] PB> Sent: Saturday, March 17, 2001 12:37 PM PB> To: Patrick Baird PB> Subject: Re: [FW1] RADIUS Setup PB> ----- Original Message ----- PB> From: "Patrick Baird" <[email protected]> PB> To: <[email protected]> PB> Sent: Saturday, March 17, 2001 4:42 PM PB> Subject: [FW1] RADIUS Setup >> I get no loggin message on the RADIUS server about authentication even PB> being >> attempted, but I get the following in the firewall logs: >> reject rule 0 reason Refused Topology request. Authentication scheme PB> not >> allowed for user. >> >> 1 Question, do I need the routing and remote access service running on the >> IAS machine? PB> No, you don't need them. PB> But the radius attribute"service-type = "Authenticate-Only" is need for PB> correct auth in radius (on ias2k it is already activated, but on nt4 PB> optionpack ias it isn't) >> If I switch to fw-1 password on the firewall object, my SR rules work PB> fine. >> PB> Have you activated the "VPN & fw1 authentication for SecuRemote (Hybrid PB> Mode) in fw object/VPN/IKE? PB> mike PB> ================================================================================ PB> To unsubscribe from this mailing list, please see the instructions at PB> http://www.checkpoint.com/services/mailing.html PB> ================================================================================ -- Best regards, MaXsecurity mailto:[email protected] ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|