I am trying to get VPN Radius authentication working with Gemalto SAS/STA cloud solution where I have a push token in use. This means I have two ways of authenticating:
- I open the token on my mobile and enter the display code when asked by VPN client for challenge
- instead of entering the code into the VPN, I can enter "p" so a push to my mobile is sent and can be accepted there.
Both versions work fine if I use multiple login options and first option is username/password and second is Radius.
But if I only use Radius only first option is working (entering code manually). Other option is failing with "negotiation with site failed".
I did a capture on the gateway with tcpdump to look for Radius traffic and found out that if I only enter a "p", there is no traffic to the radius servers generated.
Has someone an idea who to cope with that?
I have tested this with R80.30 SmartCenter and following gateway versions:
- R80.30 JHF T50
- R80.10 JHF 169 + machine certificate authentication hotfix
| User | Count |
|---|---|
| 3 | |
| 2 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 |
Thu 02 May 2024 @ 04:00 PM (CEST)
CheckMates Live DACH - Keine Kompromisse - Sicheres SD-WANThu 02 May 2024 @ 05:00 PM (CEST)
SASE Masters: Deploying Harmony SASE for a 6,000-Strong Workforce in a Single Weekend
