1. This is solved using a generic* user (p216 of the Management Guide).
2. This can be done using Office mode for SecureClient. But remember that this IP address can't be inside the encryption domain. You need a SecureClient license in order to use Office Mode.

Lars

> -----Original Message-----
> From: Devon Harding - GTHLA [mailto:DHarding@;GILATLA.COM]
> Sent: Friday, October 25, 2002 17:19
> To: [EMAIL PROTECTED]
> Subject: Re: [FW-1] SecureRemote NG + Radius
>
> Well, I can get this working ONLY if I add the user in CheckPoint. There, I
> can modify the authentication tab of the user and tell it to authenticate with
> a radius server which I've added in CheckPoint to talk to IAS, which works
> fine.
>
> Two problems exist:
>
> 1. I want the users to authenticate via radius WITHOUT creating them in
>    CheckPoint. (My AD contains over 2000 users)
>
> 2. When a user does authenticate, I would like him to use an address pool on
>    the network instead of his real NAT IP address. (He's behind a NAT router.)
>
> How can this be done?
>
> -Devon
>
> -----Original Message-----
> From: libone mhlanga [mailto:libone@;LYCOS.COM]
> Sent: Friday, October 25, 2002 6:02 AM
> To: [EMAIL PROTECTED]
> Subject: Re: [FW-1] SecureRemote NG + Radius
>
> Well there are three of us interested now ... I tried last night and failed
> to make FW1/VPN1-NG FP2 talk to an already existing RADIUS server !!
> --
>
> On Thu, 24 Oct 2002 23:08:52
> Lars Troen wrote:
> >A,
> >There have been quite a few such requests lately. I'll see if I can write a
> >step by step howto on the topic as it's not documented on Phoneboy or
> >anywhere else that I've found.
> >
> >But the basics are:
> >- With nt4sp4 and later, plus in w2k (any sp) each user must be granted
> >  dial-in rights.
> >- clear text (pap) authentication (no ms-chap or similar)
> >- It works with both radius 1.0 and 2.0 protocol settings on fw1.
> >- Make sure the firewall and the radius server can talk to each other and
> >  that there is no natting taking place on the radius communication.
> >- For debugging purposes, tcpdump/network monitor and netcat are useful
> >  tools. Radius is using udp so you can't use telnet to verify the connection.
> >- The radius shared secret might be sensitive about some characters, I
> >  don't remember which ones and if it was fw1 or w2k that caused this problem.
> >- The IAS log is always a good place to watch carefully.
> >
> >Lars
> >
> >> -----Original Message-----
> >> From: Andrea Coppini [mailto:andreacoppini@;IWG.INFO]
> >> Sent: Thursday, October 24, 2002 22:11
> >> To: [EMAIL PROTECTED]
> >> Subject: Re: [FW-1] SecureRemote NG + Radius
> >>
> >> Lars,
> >>
> >> There are at least 2 of us interested in this information... Care to
> >> share any info you might have on how to go about this?
> >>
> >> Regards
> >> A
> >>
> >> -----Original Message-----
> >> From: Lars Troen [mailto:Lars.Troen@;PROXYCOM.NO]
> >> Sent: 24 October 2002 8:30 PM
> >> To: [EMAIL PROTECTED]
> >> Subject: Re: [FW-1] SecureRemote NG + Radius
> >>
> >> Chris,
> >> I have used Microsoft Radius (IAS: NT4 / w2k AD) to authenticate users
> >> on both 4.0, 4.1 and NGFP2.
> >>
> >> Lars
> >> > -----Original Message-----
> >> > From: Barber, Chris [mailto:cbarber@;CRITICALIP.COM]
> >> > Sent: Thursday, October 24, 2002 18:52
> >> > To: [EMAIL PROTECTED]
> >> > Subject: Re: [FW-1] SecureRemote NG + Radius
> >> >
> >> > If you are using LDAP/Active Directory do a search on Checkpoints
> >> > website for "Active Directory" in the list that comes up there will
> >> > be a Document that is titled "How to configure Microsoft's Active
> >> > Directory Server to work with Checkpoint NG FP2" that will be better
> >> > than radius. Last time I checked with CheckPoint they did not support
> >> > Microsoft Radius, but that was on 4.1 fp5, it may now be supported on NG.
> >> >
> >> > Chris.
> >> >
> >> > -----Original Message-----
> >> > From: Devon Harding - GTHLA [mailto:DHarding@;GILATLA.COM]
> >> > Sent: Thursday, October 24, 2002 12:28 PM
> >> > To: [EMAIL PROTECTED]
> >> > Subject: [FW-1] SecureRemote NG + Radius
> >> >
> >> > How can I get SecureRemote NG to authenticate against a radius (Win2K)
> >> > server without creating internal CheckPoint users? I'd like for it to
> >> > look up the users on the Radius server instead of looking for them
> >> > in CheckPoint first.
> >> >
> >> > -Devon
> >> >
> >> > =================================================
> >> > To set vacation, Out Of Office, or away messages,
> >> > send an email to [EMAIL PROTECTED]
> >> > in the BODY of the email add:
> >> > set fw-1-mailinglist nomail
> >> > =================================================
> >> > To unsubscribe from this mailing list,
> >> > please see the instructions at
> >> > http://www.checkpoint.com/services/mailing.html
> >> > =================================================
> >> > If you have any questions on how to change your
> >> > subscription options, email
> >> > [EMAIL PROTECTED]
> >> > =================================================
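
Added example, not part of the original thread and not Check Point or Microsoft code: since RADIUS runs over UDP and a telnet check is useless, this sketch sends one PAP Access-Request as defined in RFC 2865 and classifies the result, including the silent discard a server gives a client address it has no shared secret for (which is what NAT on the RADIUS path produces). The function names, the `nas_ip` parameter and the default port 1812 are assumptions of the example.

```python
import hashlib, hmac, os, socket, struct

CODES = {2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}

def hide_password(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """PAP User-Password hiding, RFC 2865 section 5.2 (chained MD5 masks, XOR)."""
    size = max(16, -(-len(password) // 16) * 16)   # pad with NULs to a 16-byte multiple
    padded, out, prev = password.ljust(size, b"\0"), b"", req_auth
    for i in range(0, size, 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        out += prev
    return out

def attr(attr_type: int, value: bytes) -> bytes:
    return bytes([attr_type, len(value) + 2]) + value

def build_access_request(user, password, secret, ident, req_auth, nas_ip):
    hidden = hide_password(password.encode(), secret, req_auth)
    attrs = attr(1, user.encode()) + attr(2, hidden) + attr(4, socket.inet_aton(nas_ip))
    return struct.pack("!BBH16s", 1, ident, 20 + len(attrs), req_auth) + attrs

def check_reply(reply: bytes, request: bytes, secret: bytes):
    """Return the reply code name if the Response Authenticator verifies, else None."""
    if len(reply) < 20:
        return None
    code, ident, length = struct.unpack("!BBH", reply[:4])
    if ident != request[1] or not 20 <= length <= len(reply):
        return None
    want = hashlib.md5(reply[:4] + request[4:20] + reply[20:length] + secret).digest()
    if not hmac.compare_digest(want, reply[4:20]):
        return None
    return CODES.get(code, f"code {code}")

def probe(server, user, password, secret, nas_ip, port=1812, timeout=3.0):
    """Send one Access-Request over UDP and classify what comes back."""
    request = build_access_request(user, password, secret, os.urandom(1)[0],
                                   os.urandom(16), nas_ip)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(request, (server, port))
            reply, _ = s.recvfrom(4096)
        except OSError:  # includes the timeout case
            # Path filtered, or the server silently discarded a request from a
            # source address it holds no shared secret for (e.g. a NATed client).
            return "no reply"
    return check_reply(reply, request, secret) or "reply failed authenticator check"
```

Run `probe()` from the firewall host itself so the source address is the one the RADIUS server has configured as its client.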
