Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] radius help

To: [email protected]
Subject: Re: [FW-1] radius help
From: Chris Tidwell <[email protected]>
Date: Fri, 7 Mar 2003 10:26:56 -0600
In-reply-to: <002201c2e4c3$84c6ec60$090879d1@p4266>
Organization: Check Point Software Technologies
References: <[email protected]> <002201c2e4c3$84c6ec60$090879d1@p4266>
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

Norman,

Could it be spoofing??

--

Chris Tidwell
Central Region Security Engineer
Check Point Software Technologies(V)(F)

http://www.checkpoint.com

WE SECURE THE INTERNET

* VPN-1 SecuRemote Demo:
        http://www.checkpoint.com/vpndemo/
* Check Point Partner Email:
        http://www.checkpoint.com/partners/list.html
* Technical Support Knowledge Base:
        http://support.checkpoint.com/kb/index.html
* Help Desk:
        http://www.checkpoint.com/operations/
* Public Support Site:
        http://www.checkpoint.com/techsupport/index.html
* Public Configuration Documents:
        http://support.checkpoint.com/service/publisher.asp
* Healthcare Security Information Center:
        http://www.checkpoint.com/products/hipaa/

______________________________________
This message may contain confidential and/or proprietary information,
and is intended only for the person/entity to whom it was originally addressed.
The content of this message may contain private views and opinions which do not
constitute a formal disclosure or commitment unless specifically stated.


Friday, March 7, 2003, 10:06:26 AM, you wrote:

NZ> Hi,

NZ> I have done some further troubleshooting. I see the RAIDUS packets from port
NZ> 1645 that originate from firewall to RADIUS server received reject. But
NZ> behind the LAN on a different machine in the same subnet, I received accept.
NZ> My firewall is set to allow outgoing traffic. Are there other properties
NZ> that I need to set in NG FP3?

NZ> Regards,
NZ> Norman

NZ> ----- Original Message -----
NZ> From: "Norman Zhang" <[email protected]>
NZ> To: <[email protected]>
NZ> Sent: Monday, March 03, 2003 5:45 PM
NZ> Subject: [FW-1] radius help


NZ> Hi,

NZ> I had this working in 4.1 but I can't get RADIUS to work in NG FP3. I
NZ> installed IAS from NT 4.0 Option Pack then applied midcamp.exe and
NZ> iassp6-x86.exe from MS.

NZ> My firewall rule is

localusers@LAN -->>any-->any-->http-->user authentication

NZ> The RADIUS clients file is setup as

NZ> FWIntIP mySecret

NZ> and users as

NZ> DEFAULT
NZ>   Internal-Proxy-Server = "DLL C:\Program Files\IAS\authsam.dll"
NZ>   Framed-Protocol = PPP
NZ>   Framed-Routing = Send
NZ>   Service-Type = Framed

NZ> Event Viewer displays the following with Event ID: 8207, Source: AuthSrv,
NZ> Type: Warning, Category: Malformed Packet

NZ> Unknown Client: Source = FWIntIP:2912
NZ>  Code = Access-Request
NZ>  Identifier = 64
NZ>  User-Name = InternalUser
NZ>  Password = ******
NZ>  Service-Type = Authenticate-Only
NZ>  NAS-IP-Address = FwExtIP

NZ> Would someone please give some pointers here?

NZ> Regards,
NZ> Norman

NZ> ---

NZ> Hi,

NZ> I have a RADIUS on a NT 4.0 BDC. I need to able to authenticate NG FP3 with
NZ> the RADIUS, but I seem to forget what settings that I need to change the
NZ> users file. I tried to follow,

NZ> DEFAULT   Auth-Type = System, User-Service-Type = Login-User

NZ> as described in
NZ> http://www.phoneboy.com/fom/fom.pl?_highlightWords=radius&file=435. But
NZ> those two attributes does not seem to exist in RADIUS (I'm using the one
NZ> came with NT 4.0 Option Pack (with appropriate fixes). Does anyone remember
NZ> what I need to change in the configuration file to get this working?

NZ> =================================================
NZ> To set vacation, Out Of Office, or away messages,
NZ> send an email to [email protected]
NZ> in the BODY of the email add:
NZ> set fw-1-mailinglist nomail
NZ> =================================================
NZ> To unsubscribe from this mailing list,
NZ> please see the instructions at
NZ> http://www.checkpoint.com/services/mailing.html
NZ> =================================================
NZ> If you have any questions on how to change your
NZ> subscription options, email
NZ> [email protected]
NZ> =================================================

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

References:
- [FW-1] radius help
  - From: Norman Zhang <[email protected]>
- [FW-1] radius help
  - From: Norman Zhang <[email protected]>

Prev by Date: Re: [FW-1] NetOP back to SecuRemote client
Next by Date: [FW-1] Service names not in list
Previous by thread: [FW-1] radius help
Next by thread: Re: [FW-1] radius help
Index(es):
- Date
- Thread