
[FW1] Hybrid IKE SecuRemote with Radius Auth problems.



I sent this out a week or two ago but didn't get any replies :( If anyone has some ideas, could they please help? I still haven't been able to get Hybrid IKE authentication to work fully.
 
Hi everyone.
 
I am slowly getting this method to work with a lot of help from you guys - so thanks :)
 
I have successfully managed to get Radius to Auth the users but am running into problems with the user not being properly defined on a number of sites.
 
The set-up is as follows. The defined site is the management server behind a pair of HA (failover only) IP440's. We have 5 other encryption domains behind IP330's using IKE for the VPN, all managed by the same server.
 
SR radius clients can authenticate without any problems and access all areas (allowed) of the encryption domain behind the cluster firewalls. When the client tries to access any resources behind any of the other firewalls, SR replies with the error 'IKE not properly defined for user' and requires authentication again, but still will not allow access to the encryption domain.
 
I have confirmed via the GUI that these other firewalls also have a certificate created by the fw internalca command on the management server. (Have the same problem with or without the certs.) - Should the certs. be the same on all walls? They are spread across several countries.
 
I am sure that it is not just a general problem with our SR setup because user accounts that are straight-forward IKE (i.e. have IKE passwords, not RADIUS) can access all of the encryption domains. I am having problems pushing the user database to some encryption domains, but even the domains that I can update the userdb on still have the same error message.
 
Does anyone have any ideas on this?
 
Thanks again for all the help I have received, and in advance for any more.
 
rich :)
 
Richard Marshall
Network Systems Analyst
NetDoktor
Tel: + 44 20 7681 8470
Mobile: + 44 7980 865 306
MSN Messenger: richiemarshall
E-mail: [email protected]
http://www.netdoktor.com
-----------------------
 


 
   All contents © 2004 Network Presence, LLC. All rights reserved.