Greetings
I am configuring SecuRemote Ver 4.1 using
Steel-Belted Radius from the Funk site. I am able to
create a site, exchange keys successfully using FWZ.
When I use PCAnywhere to connect to a machine, the
authentication by Radius fails, saying "user not
found". In my FW logs, I see rejection by Rule 0 and
the reason is "client encryption : unknown user".
However I am successful when I use VPN/FW as
authentication.
The radius server and the Firewall are on the same net
and can talk to each other. I am using CP 4.1.
-----------------------------------------------------
On the Radius server, I did the following
a) Added the FW as a RAS client using the correct
host-name. Gave the internal address of the FW. Tried
with external IP too.
b) Gave a shared secret.
c) Created a native user called test and gave a
passwd. Later I will be using the NT authentication.
d) Gave preference for Authentication as thro' native
user.
e) Stopped and restarted the Radius service
------------------------------------------------------
On the FW, I did the following
a) Created a Workstation object for the radius server
with a NATED address.
b) Created a radius Server object mentioning the above
workstation object as host, radius as service and
shared secret same as that on the radius server.
Version was correctly mentioned.
c) Created generic* user and default user and ensured
that authentication is set to the radius server.
d) On the FW object, I defined the encryption domain
(the radius server is part of it), and made sure
SecuRemote is exportable and the Radius service is an
authentication method.
e) Created Client encrypt rule defining the encryption
domain.
f) Created rule for Radius server to talk to FW.
------------------------------------------------------
Have I missed out anything? Is there a Radius log
from which I can get more detailed info?
Thx in advance
Raghu