Re[2]: [FW1] RADIUS Setup

Sun, 18 Mar 2001 01:32:32 -0800 


Hello Patrick,

As  I  said  before I did not set a configuration like the one you are
going  to  do,  but on checkpoint paper on Ike Hybrid mode there are 2
thing to do you didn't (and I have not deeply understood what are them
for).

1)   Create  a  certificate  authority  on  the  managment  statation.
Certificate the firewall.
2) Create a user with IKE Preshared key for the topology download.

Hope it helps,
MaX

PS
The Checkpoint paper on hybrid mode is at:
http://support.checkpoint.com/kb/docs/public/securemote/4_1/pdf/hybrid-2-10.pdf

Saturday, March 17, 2001, 10:07:22 PM, you wrote:


PB> The hybrid box is checked.  One thing I am noticing is that the rule
PB> allowing for RADIUS Auth is not showing as being used in the logs...

PB> Also the IAS server uses 1812 & 1813, but has 1645 & 1646 defined as
PB> secondaries.

PB> -----Original Message-----
PB> From: Mike Thomi [mailto:[EMAIL PROTECTED]]
PB> Sent: Saturday, March 17, 2001 12:37 PM
PB> To: Patrick Baird
PB> Subject: Re: [FW1] RADIUS Setup



PB> ----- Original Message -----
PB> From: "Patrick Baird" <[EMAIL PROTECTED]>
PB> To: <[EMAIL PROTECTED]>
PB> Sent: Saturday, March 17, 2001 4:42 PM
PB> Subject: [FW1] RADIUS Setup
>> I get no loggin message on the RADIUS server about authentication even
PB> being
>> attempted, but I get the following in the firewall logs:
>>   reject rule 0 reason Refused Topology request.  Authentication scheme
PB> not
>> allowed for user.
>>
>> 1 Question, do I need the routing and remote access service running on the
>> IAS machine?

PB> No, you don't need them.
PB> But the radius attribute"service-type = "Authenticate-Only" is need for
PB> correct auth in radius (on ias2k it is already activated, but on nt4
PB> optionpack ias it isn't)

>> If I switch to fw-1 password on the firewall object, my SR rules work
PB> fine.
>>

PB> Have you activated the "VPN & fw1 authentication for SecuRemote (Hybrid
PB> Mode) in fw object/VPN/IKE?

PB> mike



PB> ================================================================================
PB>      To unsubscribe from this mailing list, please see the instructions at
PB>                http://www.checkpoint.com/services/mailing.html
PB> ================================================================================



-- 
Best regards,
 MaXsecurity                            mailto:[EMAIL PROTECTED]




================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Reply via email to