[FW1] Hybrid IKE SecuRemote with Radius Auth problems.

Hi everyone.

I am slowly getting this method to work with a lot of help from you guys - so thanks :)

I have successfully managed to get Radius to Auth the users but am running into problems with the user not being properly defined on a number of sites.

The set-up is as follows. The defined site is the management server behind a pair of HA (failover only) IP440's. We have 5 other encryption domains behind IP330's using IKE for the VPN, all managed by the same server.

SR radius clients can authenticate without any problems and access all areas (allowed) of the encryption domain behind the cluster firewalls. When the client tries to access any resources behind any of the other firewalls, SR replies with the error 'IKE not properly defined for user' and requires authentication again, but still will not allow access to the encryption domain.

I have confirmed via the GUI that these other firewalls also have a certificate created by the fw internalca command on the management server. (Have the same problem with or without the certs.)

I am sure that it is not just a general problem with our SR setup because user accounts that are straight-forward IKE (i.e. have IKE passwords, not RADIUS) can access all of the encryption domains.

The RADIUS server can only be contacted by the cluster firewalls at the moment. Could this be what is causing the problem? -- I thought that the authentication only happens once - when the connection is first made.

Thanks again for all the help I have received, and in advance for any more.

rich :)

Richard Marshall
Network Systems Analyst
NetDoktor
Tel: + 44 20 7681 8470
Mobile: + 44 7980 865 306
MSN Messenger: richiemarshall
E-mail: [email protected]
http://www.netdoktor.com