Fabien
Explorer

Remote Access VPN by RADIUS auth.

Hello,


I am using CheckPoint SG5100 (v80.30) and I want to change the remote access authentication from "Username Password" to "RADIUS".


Once configured with this documentation:

- https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&cad=rja&uact=8&ved=2ahUKEwjqn6W7-vDxA...

- + CheckPoint documentation


I have a very strange result.

RADIUS authentication is done correctly using the CheckPoint EndPoint VPN Client, IF there is a local user with the same username as the account used for RADIUS authentication. For any other AD account that is in the VPN group and does not have a local account, the VPN Client returns the error: "Negociation with site failed".
I don't know if I missed something.

Could you please explain to me where my problem comes from?


Thanks in advance

0 Kudos
2 Replies
_Val_
Admin

First, the original document you are referring to is published here: https://community.checkpoint.com/t5/Remote-Access-VPN/White-Paper-Using-RADIUS-Authentication-for-Re...

It would be much more useful if you asked the questions in that thread.

Also, it seems your LDAP group is not configured properly. Please make sure your LDAP server and associated group are defined, before checking again your RADIUS config.

Also, please make sure you worked through the admin guide for RAS VPN: https://sc1.checkpoint.com/documents/R80.10_andhigher/WebAdminGuides/EN/CP_RemoteAccessVPN_AdminGuid...

Also, what is the client version?

0 Kudos
Fabien
Explorer

My client version: E83.10.

Okay thanks, I will check this out and will use the other topic for my questions.

0 Kudos