NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW1] Hybrid IKE SecuRemote with Radius Auth problems.



Hi everyone.
 
I am slowly getting this method to work with a lot of help from you guys - so thanks :)
 
I have sucesfully managed to get Radius to Auth the users but am running into problems with the user not being properly defined on a number of sites.
 
The set-up is as follows. The defined site is the managment server behind a pair of HA (failover only) IP440's. we have 5 other encryption domains behind IP330's using IKE for the VPN, all managed by the same server.
 
SR radius clients can authenticate without any problems and access all areas (allowed) of the encryption domain behind the cluster firewalls. When the client tries to access any resources behind any of the other firewalls sr replies with the error 'IKE not properly defined for user' and requires authentication again. but still will not allow access to the encryption domain.
 
I have confirmed via the GUI that these other firewalls also have a certificate created by the fw internalca command on the managment server. (have the same problem with or without the certs.)
 
I am sure that is is not just a general problem with our SR setup because user accounts that are straight-forward IKE (i.e. have IKE passwords, not RADIUS) can access all of the encryption domains.
 
The RADIUS server can only be contacted by the cluster firewalls at the moment. Could this be what is causing the problem? -- I thought that the authentication only happens once - when the connection is first made.
 
thanks again for all the help i have received, and in advance for any more.
 
rich :)
 
Richard Marshall
Network Systems Analyst
NetDoktor
Tel: + 44 20 7681 8470
Mobile: + 44 7980 865 306
MSN Messenger: richiemarshall
E-mail: [email protected]
http://www.netdoktor.com
-----------------------
 


 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.