Re[2]: [FW1] RADIUS Setup



Hello Patrick,

As I said before, I did not set up a configuration like the one you are
going to do, but in the Checkpoint paper on IKE Hybrid mode there are 2
things to do that you didn't (and I have not deeply understood what they are
for).

1) Create a certificate authority on the management station.
Certificate the firewall.
2) Create a user with IKE Preshared key for the topology download.

Hope it helps,
MaX

PS
The Checkpoint paper on hybrid mode is at:
http://support.checkpoint.com/kb/docs/public/securemote/4_1/pdf/hybrid-2-10.pdf

Saturday, March 17, 2001, 10:07:22 PM, you wrote:


PB> The hybrid box is checked.  One thing I am noticing is that the rule
PB> allowing for RADIUS Auth is not showing as being used in the logs...

PB> Also the IAS server uses 1812 & 1813, but has 1645 & 1646 defined as
PB> secondaries.

PB> -----Original Message-----
PB> From: Mike Thomi [mailto:[email protected]]
PB> Sent: Saturday, March 17, 2001 12:37 PM
PB> To: Patrick Baird
PB> Subject: Re: [FW1] RADIUS Setup



PB> ----- Original Message -----
PB> From: "Patrick Baird" <[email protected]>
PB> To: <[email protected]>
PB> Sent: Saturday, March 17, 2001 4:42 PM
PB> Subject: [FW1] RADIUS Setup
>> I get no loggin message on the RADIUS server about authentication even being
>> attempted, but I get the following in the firewall logs:
>>   reject rule 0 reason Refused Topology request.  Authentication scheme not
>> allowed for user.
>>
>> 1 Question, do I need the routing and remote access service running on the
>> IAS machine?

PB> No, you don't need them.
PB> But the radius attribute "service-type" = "Authenticate-Only" is needed for
PB> correct auth in radius (on ias2k it is already activated, but on nt4
PB> optionpack ias it isn't)

>> If I switch to fw-1 password on the firewall object, my SR rules work fine.
>>

PB> Have you activated the "VPN & fw1 authentication for SecuRemote (Hybrid
PB> Mode)" in fw object/VPN/IKE?

PB> mike



PB> ================================================================================
PB>      To unsubscribe from this mailing list, please see the instructions at
PB>                http://www.checkpoint.com/services/mailing.html
PB> ================================================================================



-- 
Best regards,
 MaXsecurity                            mailto:[email protected]



