The
IAS server is configured to accept all encryption requests.
The
default policy on IAS is to allow users with idal in access, yes the user does
have this permission enabled.
Both
the internal IP address (default gateway) and the xeternal ip (licensed)
addresses are registered as clients on IAS.
The
log file says:
user X
was granted access.
NAS-IP
address: [external interface/licensed address]
NAS-identifier: not present
client
friendly name: fwall_external
client-ip-address: [external interface/licensed
address]
NAS-port-type: not present
NAS-port: not present
policy
name: allow access if dial in permissions enabled
authentication-type: PAP
EAP-type: undetermined.
Thanks,
Neil
-----Original Message-----
From: Lars Troen [mailto:[EMAIL PROTECTED]]
Sent: 18 October 2002 12:42
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] SecuRemote authentication with Win2K IAS ServerNeil,- You have configured the IAS server to accept CHAP (non-encrypted) requests?- The user you're trying to authenticate are granted dial-in access?- You have both the licensed and the internal ip of the firewall cofigured as a client in IAS?- What does the IAS log say?Lars-----Original Message-----
From: Neil Roach [mailto:[EMAIL PROTECTED]]
Sent: Friday, October 18, 2002 13:07
To: [EMAIL PROTECTED]
Subject: [FW-1] SecuRemote authentication with Win2K IAS ServerI have configured the firewall with the "*generic" account name for pass through authentication to a Windows 2000 server running the IAS service.The IAS server has been configured with the real world and localnet ip addresses of the fwall host and a pre shared secret has been added, this being configured on the firewall.I have changed the port number for RADIUS and can see the request being made to the IAS server in the firewall logs.The system event log shows the password authentication request coming in from teh NAS-IP being the real world ip address.However, on the client I get the error that no response from the RADIUS server.Any thoughts or suggestions would be helpful.Thanks in advance.
***************************************************************
This message contains confidential information for the above
recipient(s). If you received it in error you may not copy, use
or distribute this information. Please advise the sender
immediately by returning the e-mail highlighting the error.
This message including any attachments has been scanned for
all known viruses.
***************************************************************
This message contains confidential information for the above
recipient(s). If you received it in error you may not copy, use
or distribute this information. Please advise the sender
immediately by returning the e-mail highlighting the error.
This message including any attachments has been scanned for
all known viruses.
