cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Heath_Mote
Copper

Remote Access VPN Authentication

Jump to solution

I'll preface this by saying we have one policy that has multiple gateways targeted and I'm wanting to configure the Remote Access VPN blade for each gateway. The confusion I have is trying to figure out why there are so many places to set the authentication. Here's what I've counted so far:

1 - Gateway properties > VPN Clients > Authentication

2 - Gateway properties > Mobile Access > Authentication

3 - User Template > Authentication

4 - Mobile Access Policy > Authentication

Why so many places to set the authentication? Also, with the multiple gateways and multiple places to set the authentication, it's very confusing. Does one take preference over the other or what...

We have R80.10 management with a mix of R80.10 and R77.30 gateways. Thanks for the help!

1 Solution

Accepted Solutions
Chris_Hoff
Nickel

Re: Remote Access VPN Authentication

Jump to solution

Basically it comes down to the fact there are several different types of remote access, and the authentication for each type can be different. To get a better grasp on the different kinds of remote access view sk67820. 

0 Kudos
4 Replies

Re: Remote Access VPN Authentication

Jump to solution

Hi Heath,

If Mobile access blade is enabled on your gateway and you are using Mobile access SSL VPN then you need to configure it in Mobile Access section. For the rest remote access, you can configure in VPN Clients.

You can refer "User and Client Authentication for remote access" section from R80.10 admin guide for more clarification.

Remote Access VPN R80.10 Administration Guide 

Chris_Hoff
Nickel

Re: Remote Access VPN Authentication

Jump to solution

Basically it comes down to the fact there are several different types of remote access, and the authentication for each type can be different. To get a better grasp on the different kinds of remote access view sk67820. 

0 Kudos
Heath_Mote
Copper

Re: Remote Access VPN Authentication

Jump to solution

Hey guys, thanks for the posts.

Gaurav, I couldn't open your link to view it.

Chris, I did view that SK and it does list the different types of VPNs that can be used but it didn't have much on the authentications listed.

I can set the authentication in 4 different places. The first two are more understandable because those are two types of VPNs are certainly different. The 3rd is tied to a User Template...so is there some sort of precedence that takes place? The 4th is tied to the Mobile Access policy...would that override the gateway settings?

Hoping someone from CP will jump in here. Coming from the Cisco ASA background the AAA is tied to a VPN profile only in one place. I totally understand that the CP is different but just stating my background to help understand why being able to set the authentication in multiple places is confusing at least. Thanks again for the posts. 

0 Kudos

Re: Remote Access VPN Authentication

Jump to solution

Ok Heath,

Just type "checkpoint r80.10 remote access admin guide" in Google and you can download Remote access VPN admin guide. There you will find "user & client authentication" section.

You will get good understanding for Remote Authentication as they have explained all possible options.