R80 : Tacacs in VPN

Hello Guys,

I want to set up TACACS authentication in VPN: if someone from network X tries to connect to a Check Point firewall (Gaia or clish) in Site A, the firewall connects to an ACS server in Site B to authenticate them. How can I do that?


Re: R80 : Tacacs in VPN

You might need to follow these steps:

- Configure Gaia OS to authenticate against your TACACS server using the CLI or WebUI.

- Configure the site-to-site VPN between the gateways and make sure that the TACACS server is part of the encryption domain.

- The tricky part: any traffic that matches implied rules will not be encrypted. You might do the following:

  - In Global Properties, set "Accept outgoing packets originating from gateway" to "Before Last".

  - If the above option doesn't work, you might need to disable TACACS in the implied_rules.def file on the management server, create a rule to allow the firewall to access the TACACS server, and push policy.

Thanks


Re: R80 : Tacacs in VPN

Thank you for answering. Yes, this is the issue: the traffic toward my ACS is not encrypted.

I switched to RADIUS and I can see that the traffic is now encrypted. Authentication doesn't work yet, but it's progress :) Thank you.
