[FW1] Linux -.fw-1




Win 2K Adv Server is configured for both ports, 1645 and 1812, by default itself. One new doubt: I have installed another FW-1 over Red Hat Linux 6.2, kernel 2.2.x. I couldn't FWDIR. If I give the setenv command, it says command not found. I am not able to come out of this problem. Please help,
mohamed.

On Sat, 29 Sep 2001 Leonard Cheng wrote :
> 
> Did you look into whether the same UDP ports are used.
> I think FW-1 is using the default 1645 (authentication), 1646 (Accounting)
> while NT (at least Win2K for sure) is using 1812 and 1813 respectively (RFC 2026).
> 
> Hope it helps.
> 
> Leonard ....
> 
> 
> -----Original Message-----
> From: Mohamed Maraikayar [mailto:[email protected]]
> Sent: September 28, 2001 12:42 AM
> To: Juan Concepcion
> Cc: [email protected]; mohamed maraikayar; Brockhoven,Werner
> Subject: Re: RE: [FW1] Re: RE: Radius authentication
>
> Couple of things you want to look at:
>
> > Make sure the Radius service is actually running (not trying to insult your
> > intelligence, it's just better to be safe than to be sorry).
>
> The Radius server is running. I checked with the netstat -a command. Also I used the
> same machine as Radius server for the PIX firewall. So I conclude the Radius server
> is running. I made the appropriate changes from PIX firewall to FW-1, e.g.
> name of group, shared key etc.
>
> > Make sure the firewall and Radius server can ping each other.
>
> There is Layer 3 connectivity, I can ping.
>
> > Verify the Radius server is defined correctly in the firewall and that you
> > have verified the shared secret between the two.
>
> This is also done. 2 places. (1) In Manage servers, I defined the Radius
> server. (2) I created a radius server group, same name defined in Win 2K
> radius server, and added the server in the group.
> I created a user, and enabled authentication as radius in the user prop. If
> any other config needed, please let
> > next thing I would do is to try the authentication straight from the
> > firewall and run some sort of sniffer so you can see the traffic and ensure
> > that they are definitely communicating. Easiest way to run this test would
> > be to run 'telnet localhost 259' on the firewall which will invoke the
> > security server, enter a username of a user currently configured for radius,
> > and then make sure it first works straight from the firewall to the radius
> > server before you take the next step of getting actual users to authenticate
> > from wherever they may be.
> 
> The user authentication is working. I chose password from VPN/FW-1. Also
> client and session authentication works fine. When it comes to radius, the
> error comes. I also get a Radius password prompt. After that only, the error
> "RADIUS servers not responding". Trying with a sniffer is a good idea, but I have
> to download and learn to use. Yet I will try as last resort.
>
> > As I said not trying to insult your intelligence in any
> > w
> > st my experience that the longer you look/work @ a
> > problem the further away the most obvious things get away from you.
>
> I thank God for giving a good attitude, I never get insulted, in fact I am
> learning. Thanks.
> Last but least, I would like to tell the versions, unfortunately the FW-1 is
> 4.1 version, SP2 and OS is WinNT 4 SP4. The radius server is Win ADV Server.
> 
> 
> > 
> > -----Original Message-----
> > From: [email protected]
> > [mailto:[email protected]] On Behalf Of
> > mohamed maraikayar
> > Sent: Wednesday, September 26, 2001 8:58 AM
> > To: Brockhoven,Werner
> > Cc: [email protected]
> > Subject: [FW1] Re: RE: Radius authentication
> >
> > I haven't added any rules till now. Now I added 2 rules, from firewallgateway
> > to radius server and vice versa. Still I receive the same
> > error. I configured a rule as " allusers@any ftp-serv ftp userauth gateway "
> > and in the user properties, I enabled radius authentication for a user, say
> > mohd. When I ftp to ftp-serv, I get a prompt because of user authentication
> > rule. I entered the username mohd, that is to be authenticated by radius
> > server. So FW-1 gave a prompt, "radius password:", I typed the password. Then
> > it took some 10 seconds time and displayed, "radius servers not responding". I
> > disconnected the cable from FW-1 to radius server and tried again, I got the
> > same error. So I can now conclude that there is something missing in the
> > configuration of FW-1 or FW-1 related. Any clues?
> > thanks
> > mohamed.
> > 
> > On Wed, 26 Sep 2001 Brockhoven, Werner wrote :
> > > Hi,
> > >
> > > Do you have a rule to allow communication between the
> > > radius and the FW-1 ?
> > > What do you get in the logging ?
> > >
> > > I'm sorry but I should ask you to send mails to the
> > > checkpoint mailing list
> > > and not directly to me personally.
> > >
> > > Regards,
> > >
> > > Werner
> > >
> > >
> > > -----Original Message-----
> > > ayar [mailto:[email protected]]
> > > Sent: Wednesday, September 26, 2001 12:41 PM
> > > To: Brockhoven, Werner
> > > Subject: Radius authentication
> > >
> > > Sorry, I am sending you a third mail. Now I have made a
> > > Win 2000 advanced
> > > server as radius server. I have done the necessary
> > > configurations, added the
> > > client as firewall's interface, defined radius server
> > > group etc. The Win NT
> > > (SP4), I have installed checkpoint 4.1 (SP2). I have
> > > defined the radius
> > > server, shared key etc. in Check Point also. But the error
> > > I get is, "Radius
> > > server not responding". I searched mailing list also,
> > > but didn't get the
> > > answer. What may be the problem?
> > > thanks,
> > > moham
.
> > >
> > >
> > 
> > 
> > 
> > 
> > ================================================================================
> >      To unsubscribe from this mailing list, please see the instructions at
> >                http://www.checkpoint.com/services/mailing.html
> > ================================================================================
 



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================
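
As an added illustration of the port question raised in the thread (1645/1646 versus 1812/1813), and not code from any poster or from Check Point: a small Python probe that sends a RADIUS Access-Request, laid out per RFC 2865, to both authentication ports and reports which one answers. The host, shared secret and password are constructed placeholders; `mohd` is the test user named in the thread.

```python
import hashlib
import os
import socket
import struct

REPLY_NAMES = {2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}
PORTS = (1645, 1812)  # the two authentication ports discussed in the thread

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    size = max(16, -(-len(password) // 16) * 16)      # pad to a multiple of 16, minimum 16
    padded = password.ljust(size, b"\x00")
    out, prev = b"", authenticator
    for i in range(0, size, 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += prev
    return out

def build_access_request(user: bytes, password: bytes, secret: bytes,
                         ident: int, authenticator: bytes) -> bytes:
    """Code(1) | Identifier | Length | Request Authenticator(16) | attributes."""
    hidden = hide_password(password, secret, authenticator)
    attrs = bytes([1, 2 + len(user)]) + user          # User-Name (type 1)
    attrs += bytes([2, 2 + len(hidden)]) + hidden     # User-Password (type 2)
    header = struct.pack("!BBH", 1, ident, 20 + len(attrs))
    return header + authenticator + attrs

def probe(host: str, port: int, packet: bytes, timeout: float = 3.0) -> str:
    """Send one request and classify the reply, if any."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(packet, (host, port))
            reply, _ = s.recvfrom(4096)
        except socket.timeout:
            # Silence is ambiguous: wrong port, a filter in the path, or a server
            # that drops requests from an unknown client or with a bad secret.
            return "no reply"
        except OSError as exc:                        # e.g. ICMP port unreachable
            return f"error: {exc}"
    return REPLY_NAMES.get(reply[0], f"unexpected code {reply[0]}")

if __name__ == "__main__":
    # Constructed values: substitute the lab server, a test user and the shared secret.
    host, secret = "192.0.2.10", b"example-shared-secret"
    for port in PORTS:
        pkt = build_access_request(b"mohd", b"example-password", secret,
                                   port % 256, os.urandom(16))
        print(f"{host}:{port} -> {probe(host, port, pkt)}")
```

Run it from the firewall host itself so the request comes from the address the RADIUS server has registered as its client; an Access-Reject still proves the port and the network path are right.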



 
   All contents © 2004 Network Presence, LLC. All rights reserved.