Solved

SSL VPN RADIUS authentication

Posted on 2011-03-21
4
1,632 Views
Last Modified: 2012-06-22
Hi,
Im having trouble authenticating against my RADIUS server (Win 2008, NPS) using Check Point SSL VPN.

Using Wireshark i can see the "RADIUS Access-Request(1)" packet coming in, but my RADIUS server responds with "RADIUS Access-Reject(3).  The VPN log tells me that the username or password was invalid.  However, I'm 100% sure the login details are correct (AD user). The SSL VPN is working with no problem when using a local firewall user account.

The authentication method is PAP.  Both firewall and server is configured to only use PAP.
My Network Policy is using condition: NAS Port Type: Virtual (VPN), constraints are PAP, SPAP only and the attributes im using are:
Framed Protocol: PPP
Service Type: Framed

I'm thinking maybe it is my attributes that are wrong since the Checkpoint setup is pretty straightforward.  I would appreciate any help on this, especially from anyone who has SSL VPN setup using CheckPoint R70 or newer (i have R75).





0
Comment
Question by:olemrefv
  • 3
4 Comments
 
LVL 45

Expert Comment

by:Craig Beck
ID: 35180669
Check the shared secret beween the Checkpoint and the RADIUS server.
0
 

Author Comment

by:olemrefv
ID: 35180749
Yes i've done that.  It should be correct.
0
 

Accepted Solution

by:
olemrefv earned 0 total points
ID: 35276177
Problem solved. Removed the Virtual (VPN) conditions in the policy.  
0
 

Author Closing Comment

by:olemrefv
ID: 35321636
Solved.
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question