<div>
Check the shared secret beween the Checkpoint and the RADIUS server.
</div>


Check the shared secret beween the Checkpoint and the RADIUS server.

<div>
Yes i've done that. &nbsp;It should be correct. 
</div>


Yes i've done that.  It should be correct.

<div>
<div class="content wysiwyg-content">
Hi,<br />
Im having trouble authenticating against my RADIUS server (Win 2008, NPS) using Check Point SSL VPN. <br />
<br />
Using Wireshark i can see the &quot;RADIUS Access-Request(1)&quot; packet coming in, but my RADIUS server responds with &quot;RADIUS Access-Reject(3). &nbsp;The VPN log tells me that the username or password was invalid. &nbsp;However, I'm 100% sure the login details are correct (AD user). The SSL VPN is working with no problem when using a local firewall user account.<br />
<br />
The authentication method is PAP. &nbsp;Both firewall and server is configured to only use PAP.<br />
My Network Policy is using condition: NAS Port Type: Virtual (VPN), constraints are PAP, SPAP only and the attributes im using are: <br />
Framed Protocol: PPP<br />
Service Type: Framed<br />
<br />
I'm thinking maybe it is my attributes that are wrong since the Checkpoint setup is pretty straightforward. &nbsp;I would appreciate any help on this, especially from anyone who has SSL VPN setup using CheckPoint R70 or newer (i have R75).<br />
<br />
<br />
<br />
<br />
<br />

</div>
</div>


Hi,
Im having trouble authenticating against my RADIUS server (Win 2008, NPS) using Check Point SSL VPN. 

Using Wireshark i can see the "RADIUS Access-Request(1)" packet coming in, but my RADIUS server responds with "RADIUS Access-Reject(3).  The VPN log tells me that the username or password was invalid.  However, I'm 100% sure the login details are correct (AD user). The SSL VPN is working with no problem when using a local firewall user account.

The authentication method is PAP.  Both firewall and server is configured to only use PAP.
My Network Policy is using condition: NAS Port Type: Virtual (VPN), constraints are PAP, SPAP only and the attributes im using are: 
Framed Protocol: PPP
Service Type: Framed

I'm thinking maybe it is my attributes that are wrong since the Checkpoint setup is pretty straightforward.  I would appreciate any help on this, especially from anyone who has SSL VPN setup using CheckPoint R70 or newer (i have R75).







SSL VPN RADIUS authentication

A virtual private network (VPN) is a network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or travelling users access to a central organizational network securely. VPNs encapsulate data transfers using secure cryptographic methods and other security mechanisms to ensure that only authorized users can access the network and that the data cannot be intercepted.

Hardware-based firewalls provide more sophisticated protection for inbound and outbound traffic than the simple Windows software firewall or the basic NAT firewalls found in routers. These devices implement techniques such as stateful packet inspection, deep packet inspection, and content filtering; and may include built-in antivirus and anti-malware protection.

Hardware Firewalls

Windows Server 2008 and Windows Server 2008 R2, based on the Microsoft Vista codebase, is the last 32-bit server operating system released by Microsoft. It has a number of versions, including including Foundation, Standard, Enterprise, Datacenter, Web, HPC Server, Itanium and Storage; new features included server core installation and Hyper-V.