Solved

SSL VPN RADIUS authentication

Posted on 2011-03-21
4
1,618 Views
Last Modified: 2012-06-22
Hi,
Im having trouble authenticating against my RADIUS server (Win 2008, NPS) using Check Point SSL VPN.

Using Wireshark i can see the "RADIUS Access-Request(1)" packet coming in, but my RADIUS server responds with "RADIUS Access-Reject(3).  The VPN log tells me that the username or password was invalid.  However, I'm 100% sure the login details are correct (AD user). The SSL VPN is working with no problem when using a local firewall user account.

The authentication method is PAP.  Both firewall and server is configured to only use PAP.
My Network Policy is using condition: NAS Port Type: Virtual (VPN), constraints are PAP, SPAP only and the attributes im using are:
Framed Protocol: PPP
Service Type: Framed

I'm thinking maybe it is my attributes that are wrong since the Checkpoint setup is pretty straightforward.  I would appreciate any help on this, especially from anyone who has SSL VPN setup using CheckPoint R70 or newer (i have R75).





0
Comment
Question by:olemrefv
  • 3
4 Comments
 
LVL 45

Expert Comment

by:Craig Beck
Comment Utility
Check the shared secret beween the Checkpoint and the RADIUS server.
0
 

Author Comment

by:olemrefv
Comment Utility
Yes i've done that.  It should be correct.
0
 

Accepted Solution

by:
olemrefv earned 0 total points
Comment Utility
Problem solved. Removed the Virtual (VPN) conditions in the policy.  
0
 

Author Closing Comment

by:olemrefv
Comment Utility
Solved.
0

Featured Post

Promote certifications in your email signature

Has your company recently won an award or achieved a certification? They'll no doubt want to show it off. Email signature images used to promote certifications & awards can instantly establish credibility with a recipient and provide you with numerous benefits.

Join & Write a Comment

This is an article about my experiences with remote access to my clients (so that I may serve them) and eventually to my home office system via Radmin Remote Control. I have been using remote access for over 10 years and have been improving my metho…
New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

6 Experts available now in Live!

Get 1:1 Help Now