Hello Patrick,
I am really new to FW-1, but I will have to set up a firewall similar
to the one you set up.
Did you read about Hybrid mode IKE? I don't have the URL of the
documents now with me, but if you want I can send it to you privately.
If not I think you should.
I tried to implement a solution similar to the one you did, but had
some problems (different from the one you had).
Hope it helps,
MaX
PS
PLEASE write me if this setup works correctly or if you have problems
because I am going to set up a network similar to the one you have.
Saturday, March 17, 2001, 4:42:01 PM, you wrote:
PB> All,
PB> FW-1 4.1 SP3
PB> NT sp6a
PB> RADIUS - W2k IAS
PB> I have defined the following:
PB> Firewall Object: Authentication Tab - RADIUS
PB> I have defined a network object for my RADIUS server (Call it Radius1)
PB> I have created a RADIUS server object - entered the shared secret
PB> - I have selected RADIUS V2.0
PB> I have created a RADIUS Group object, and placed the above RADIUS Server
PB> object in it.
PB> I have created the generic* user, added RADIUS, with my RADIUSServer group.
PB> I have added the generic* user to the appropriate SR group for rule
PB> definition.
PB> I have unchecked the 'allow fw-1, blah, blah connections' in the properties
PB> pane and have defined the appropriate connection rules manually
PB> (topo,key,IKE,mgmt, etc...->they all work)
PB> Before my stealth rule I have added the following rule:
PB> FW Radius1 UDP RADIUS Accept Long SRC
PB> On the w2k IAS server, I have added the FW object for authentication and
PB> enabled it in active directory. The server does appear in the RAS & IAS
PB> Servers group. The user does have RAS access enabled.
PB> I get no logging message on the RADIUS server about authentication even being
PB> attempted, but I get the following in the firewall logs:
PB> reject rule 0 reason Refused Topology request. Authentication scheme not
PB> allowed for user.
PB> 1 Question, do I need the routing and remote access service running on the
PB> IAS machine?
PB> If I switch to fw-1 password on the firewall object, my SR rules work fine.
PB> Can someone please tell me what I'm missing, I'm going crazy!!!!
PB> thanks in advance.
PB> PDB
PB> ================================================================================
PB> To unsubscribe from this mailing list, please see the instructions at
PB> http://www.checkpoint.com/services/mailing.html
PB> ================================================================================
--
Best regards,
MaXsecurity mailto:[EMAIL PROTECTED]