NPS RADIUS Accounting Forwarding to R77.30

Question asked by Martin Vilim on Apr 16, 2018

Hello,

I have an NPS server that handles authentication for VPN users. Because I want the firewall (R77.30) to understand the IP and username of the VPN traffic, I set up accounting forwarding on the NPS to the Check Point R77.30. On the Check Point I configured RADIUS Accounting under Identity Awareness. It works fine; now I can make user rules on the Check Point to filter access from the VPN subnet to the resources on the LAN.

But the NPS server logs a lot of errors on any client authentication. Based on testing, the errors are caused by forwarding the accounting information. User authentication works great; there are just a lot of errors on the server side.

When I disabled the accounting forwarding, the errors from the NPS disappeared. As far as I know, the NPS expects an answer even for forwarded accounting information. Do you know if it is possible to tweak the R77.30 somehow to avoid these errors?

I can simply ignore it, but in the case of a "rear" error, it will be difficult to recognize it and solve it. Every connection throws around 5 logs: 4x ID 32, 1x ID 20271.

In short:

NPS Accounting forward enabled -> R77.30 understands the traffic -> NPS server logs errors -> VPN authentication works

NPS Accounting forward disabled -> R77.30 doesn't know the username for the client IP -> NPS server without error -> VPN authentication works

Errors:

Event ID 32 — Remote RADIUS Server Response Status | Microsoft Docs 

Event ID 20271 — RRAS Authentication and Accounting | Microsoft Docs 

Thank you for any suggestion.

Martin
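
Added example (not part of the original post, and not Check Point or Microsoft code): a Python check, following the authenticator rules in RFC 2866, that classifies one captured accounting exchange as answered correctly, unanswered, or answered with an authenticator that does not validate under the shared secret. The packets, the secret `example-secret`, the user `alice`, the address 10.0.0.5 and all function names are constructed for this example.

```python
import hashlib
import hmac
import struct

ACCT_REQUEST, ACCT_RESPONSE = 4, 5  # RADIUS codes from RFC 2866

def parse(pkt):
    """Split a RADIUS packet into (code, identifier, authenticator, attributes)."""
    if len(pkt) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if not 20 <= length <= len(pkt):
        raise ValueError("bad Length field")
    return code, ident, pkt[4:20], pkt[20:length]

def authenticator(code, ident, seed, attrs, secret):
    """MD5(Code + Identifier + Length + seed + attributes + secret), RFC 2866."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + seed + attrs + secret).digest()

def build(code, ident, seed, attrs, secret):
    """Assemble a packet; seed is 16 zero bytes for a request and the
    request's authenticator for a response."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return header + authenticator(code, ident, seed, attrs, secret) + attrs

def diagnose(request, response, secret):
    """Classify one captured accounting exchange (response may be None)."""
    code, ident, req_auth, attrs = parse(request)
    if code != ACCT_REQUEST:
        return "not an Accounting-Request"
    expected = authenticator(code, ident, bytes(16), attrs, secret)
    if not hmac.compare_digest(req_auth, expected):
        return "request authenticator invalid (shared secret mismatch?)"
    if response is None:
        return "no Accounting-Response seen"
    rcode, rident, rauth, rattrs = parse(response)
    if rcode != ACCT_RESPONSE or rident != ident:
        return "response does not match request"
    expected = authenticator(rcode, rident, req_auth, rattrs, secret)
    if not hmac.compare_digest(rauth, expected):
        return "response authenticator invalid"
    return "ok"

# Constructed sample: Acct-Status-Type=Start, User-Name=alice, Framed-IP-Address.
SECRET = b"example-secret"
ATTRS = (bytes([40, 6, 0, 0, 0, 1]) + bytes([1, 7]) + b"alice"
         + bytes([8, 6, 10, 0, 0, 5]))
REQUEST = build(ACCT_REQUEST, 42, bytes(16), ATTRS, SECRET)
RESPONSE = build(ACCT_RESPONSE, 42, REQUEST[4:20], b"", SECRET)
```

On real traffic, `request` and `response` would be the UDP payloads of the packet NPS forwards and of the gateway's reply, taken from a packet capture.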