Negotiation with Site failed - SAML
Mgmt R81.20
I have set up Azure Identity provider for SAML authentication.
When I try to connect I get prompted for Azure username/password, then do my 2FA, then get redirected to a page that says VPN connection successful.
However, on the actual client I see that the connection failed with the following message:
"Negotiation with site failed"
I also checked Azure sign logs and it shows a successful sign-on.
Any ideas what could be the issue?
I am using latest E87.30 VPN client software
Accepted Solutions
I got this working by following a combination of these two links.
https://community.checkpoint.com/t5/Security-Gateways/Access-Role-not-working/m-p/144456#M22486
Personally, I would collect client logs and have a look, as well as below from gateway:
1) First, please set up the client side debug. (On the workstation)
Right click on the client icon --> VPN Options --> Advanced --> enable logging checkbox --> click close.
Enable extended logging instead of basic if there is an option.
2) Initiate VPN debug on the FW:
# rm $FWDIR/log/ike.elg.*
# rm $FWDIR/log/ikev2.xmll.*
# rm $FWDIR/log/iked.elg.*
# rm $FWDIR/log/vpnd.elg.*
# rm $FWDIR/log/legacy_ike.*
# rm $FWDIR/log/legacy_ikev2.xmll.*
# > $FWDIR/log/ike.elg
# > $FWDIR/log/ikev2.xmll
# > $FWDIR/log/iked.elg
# > $FWDIR/log/vpnd.elg
# > $FWDIR/log/legacy_ike.elg
# > $FWDIR/log/legacy_ikev2.xmll
# vpn debug trunc
# vpn debug on TDERROR_ALL_ALL=5
3) Replicate the issue.
4) Stop VPN debug on the FW:
# vpn debug off
# vpn debug ikeoff
5) Right click on the client icon --> VPN Options --> Advanced --> collect logs --> click close.
Hey @nflnetwork29 ...any luck with this?
Andy
Excellent, thanks for sharing! 👍