[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW1] Hybrid IKE SecuRemote with Radius Auth problems.
I sent this out a
week or two ago but didn't get any replies :( If anyone has some ideas could
they please help? I still havn't been able to get Hybrid IKE authentication to
work fully.
Hi
everyone.
I am slowly
getting this method to work with a lot of help from you guys - so thanks
:)
I have sucesfully
managed to get Radius to Auth the users but am running into problems with the
user not being properly defined on a number of sites.
The set-up is as
follows. The defined site is the managment server behind a pair of HA (failover
only) IP440's. we have 5 other encryption domains behind IP330's using IKE for
the VPN, all managed by the same server.
SR radius clients
can authenticate without any problems and access all areas (allowed) of the
encryption domain behind the cluster firewalls. When the client tries to access
any resources behind any of the other firewalls sr replies with the error 'IKE
not properly defined for user' and requires authentication again. but still will
not allow access to the encryption domain.
I have confirmed
via the GUI that these other firewalls also have a certificate created by the fw
internalca command on the managment server. (have the same problem with or
without the certs.) - Should the certs. be the same on all walls? They are
spread across several countries.
I am sure that is
is not just a general problem with our SR setup because user accounts that are
straight-forward IKE (i.e. have IKE passwords, not RADIUS) can access all of the
encryption domains. I am having problems pushing the userdatabase to some
encryption domains, but even the domains that i can update the userdb on still
has the same error message.
Does anyone have
any ideas on this?
thanks again for
all the help i have received, and in advance for any more.
rich
:)
Richard Marshall Network Systems Analyst NetDoktor Tel: + 44 20 7681 8470 Mobile: + 44 7980 865 306 MSN Messenger: richiemarshall E-mail: [email protected] http://www.netdoktor.com -----------------------
|