I am trying to get VPN Radius authentication working with the Gemalto SAS/STA cloud solution, where I have a push token in use. This means I have two ways of authenticating:
- I open the token on my mobile and enter the display code when asked by the VPN client for the challenge
- Instead of entering the code into the VPN, I can enter "p" so a push to my mobile is sent and can be accepted there.
Both versions work fine if I use multiple login options and the first option is username/password and the second is Radius.
![Unbenannt.JPG Unbenannt.JPG](https://community.checkpoint.com/t5/image/serverpage/image-id/2646i1D2FC1A211949C54/image-size/medium?v=v2&px=400)
But if I only use Radius, only the first option works (entering the code manually). The other option fails with "negotiation with site failed".
![Unbenannt2.JPG Unbenannt2.JPG](https://community.checkpoint.com/t5/image/serverpage/image-id/2647i00FA6C0AC888407F/image-size/medium?v=v2&px=400)
I did a capture on the gateway with tcpdump to look for Radius traffic and found out that if I only enter a "p", no traffic to the Radius servers is generated.
Does anyone have an idea how to cope with that?
I have tested this with R80.30 SmartCenter and the following gateway versions:
- R80.30 JHF T50
- R80.10 JHF 169 + machine certificate authentication hotfix