Carol Chisholm
asked on
Windows 2008 R2 SP1 Sonicwall VPN RADIUS
Trying to get a TZ210 enhanced to authenticate global VPN clients against a Windows 2008 R2 SP1 NPS server.
I have tried all these:
https://www.experts-exchange.com/questions/26198704/Sonicwall-VPN-with-SBS-2008-Radius.html
http://www.navelfluff.org/2010/02/11/sonicwall-vpn-with-radius-authentication/
http://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=6591
I have tried turning off the Windows firewall, still get "server timout" on the Sonicwall RADIUS test.
If I have the Windows firewall on, despite having opened ALL ports and ALL protocols between the two IP addresses both inbound and outbound, I get packets dropped by the filtering platform:
The Windows Filtering Platform has blocked a packet.
Application Information:
Process ID: 0
Application Name: -
Network Information:
Direction: Inbound
Source Address: 10.141.1.251 (Sonicwall)
Source Port: 4015
Destination Address: 10.141.1.128 (NPS server)
Destination Port: 1812
Protocol: 17
Filter Information:
Filter Run-Time ID: 89027
Layer Name: Transport
Layer Run-Time ID: 13
The Windows Filtering Platform has blocked a packet.
Application Information:
Process ID: 0
Application Name: -
Network Information:
Direction: Outbound
Source Address: 10.141.1.128 (NPS server)
Source Port: 0
Destination Address: 10.141.1.251 (Sonicwall)
Destination Port: 0
Protocol: 1
Filter Information:
Filter Run-Time ID: 89029
Layer Name: ICMP Error
Layer Run-Time ID: 32
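An added example, not part of the original post: a small Python parser for blocked-packet event text like that quoted above, which lists inbound UDP drops to a RADIUS port and flags whether an outbound ICMP drop back to the same client was logged alongside. The sample text is constructed from the values in the post, and the function names and the port set are assumptions of this example.

```python
# Constructed sample: two blocked-packet events, using the values in the post.
SAMPLE = """\
The Windows Filtering Platform has blocked a packet.
Direction: Inbound
Source Address: 10.141.1.251 (Sonicwall)
Destination Address: 10.141.1.128 (NPS server)
Destination Port: 1812
Protocol: 17
Layer Name: Transport
The Windows Filtering Platform has blocked a packet.
Direction: Outbound
Source Address: 10.141.1.128 (NPS server)
Destination Address: 10.141.1.251 (Sonicwall)
Destination Port: 0
Protocol: 1
Layer Name: ICMP Error
"""
HEADER = "The Windows Filtering Platform has blocked a packet."
RADIUS_PORTS = {"1812", "1813", "1645", "1646"}  # current and legacy RADIUS UDP ports

def parse_events(text):
    """Return one {field: value} dict per blocked-packet event in the text."""
    events = []
    for chunk in text.split(HEADER)[1:]:
        fields = {}
        for line in chunk.splitlines():
            key, sep, value = line.partition(":")
            if sep and value.strip():
                # Drop trailing annotations such as "(Sonicwall)".
                fields[key.strip()] = value.split(" (")[0].strip()
        if fields:
            events.append(fields)
    return events

def radius_drops(events):
    """List inbound UDP (17) drops to a RADIUS port; flag a matching ICMP (1) drop."""
    found = []
    for e in events:
        if (e.get("Direction"), e.get("Protocol")) != ("Inbound", "17") \
                or e.get("Destination Port") not in RADIUS_PORTS:
            continue
        icmp_back = any(
            r.get("Direction") == "Outbound" and r.get("Protocol") == "1"
            and r.get("Source Address") == e.get("Destination Address")
            and r.get("Destination Address") == e.get("Source Address")
            for r in events)
        found.append({"client": e.get("Source Address"), "port": e["Destination Port"],
                      "layer": e.get("Layer Name"), "icmp_error_back": icmp_back})
    return found

if __name__ == "__main__":
    print(radius_drops(parse_events(SAMPLE)))
```

Reading a flagged pair as a sign that nothing on the server accepted the datagram on that port is an assumption of this example; confirm it on the NPS server, for instance by checking with `netstat -ano` whether any process is bound to UDP 1812.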
ASKER
Ah that is very interesting, I will try it in the morning.
Yes. I'll be pleased to read your feedback. Thanks.
ASKER
I don't have that option: right click on NPS (local) just gives me General and Ports.
ASKER
So I guess it is already AD integrated.
However I have tried to connect from another RADIUS client and I cannot get a connection, so I guess it is the NPS.
ASKER
So I have an old 2003 IAS server and a new 2008 R1 SP1 NPS server.
I have Sonicwall and a radius test client.
Both the Sonicwall and the test client can authenticate against the 2003 server.
Neither can authenticate against the 2008 R2 SP1 NPS.
I have nothing in system32\logfiles except when I restart NPS.
Any ideas?
In your Win 2008 R2, you say you see general and port tabs. That's in the properties menu option when you right click NPS (local) - Properties.
My suggestion is to right click NPS (local) - Enable server in Active Directory. Not properties.
These are the menu options I see when I right-click NPS (local) (my server is not in English, so please forgive any mistranslation):
Import configuration
Export configuration
Start NPS service (grayed)
Stop NPS service
Enable server in Active Directory (grayed) <--- this is the option you might try
Properties
Help
ASKER
I don't have that option. I think it is already integrated in AD.
I made a new test server, and at first I had the option, but after I selected it it went away.
NPS-AD.JPG
ASKER
Yes but I don't want unencrypted authentication. Nor do I want CHAP as it is no longer secure.
I understand.
Still you may try it for debugging purposes. If it works, then you know what's going on.
Great to know it works. I'll keep this solution in mind for future reference.
Thank you for the feedback!!
ASKER
Role was corrupted.
Open NPS service, right click NPS (local), click Enable server in Active Directory.
That solved the problem for me.