We have a Checkpoint Firewall using ACS for authentication with RADIUS protocol.
We have two ACS servers configured as primary and secondary on the Checkpoint. Both the ACS servers are configured to use AD as the external database.
Checkpoint is forwarding the authentication request to the primary ACS server. The primary ACS server receives the request and keeps trying to authenticate with the AD. For some reason, the authentication is failing. Please check the attached failed login attempt log. ACS tries the authentication many times and hence the account of the user is being locked out on the AD.
Meanwhile, Checkpoint does not receive any response from the primary ACS server. So, it goes to the secondary ACS server. Checkpoint is able to authenticate with the Secondary ACS server.
To add more information to the case, the primary ACS server is successfully authenticating requests from wireless Access Points for the same user accounts.
The External Database configuration on both the ACS servers looks the same.
Please let me know what could be the problem and why the Primary ACS server is not authenticating requests from Checkpoint, while it can authenticate requests from Wireless Access Points.
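As an added example that is not part of the original post: a small script that works through an ACS failed-attempts export and reports which RADIUS client (NAS) is generating enough repeated failures for one user to trip the AD lockout, so the retransmitting firewall can be told apart from a client that failed once. The CSV layout, the lockout policy values and the sample lines are assumptions, not the poster's attached log.

```python
# Added example, not from the original post: find which RADIUS client (NAS)
# is driving an AD lockout by counting repeated failures per user and NAS.
# The CSV layout below is an assumed, simplified ACS 'Failed Attempts' export;
# the sample lines are constructed, not the poster's attached log.
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: the firewall NAS (10.0.0.1) retransmits the same request
# every few seconds, the wireless AP NAS (10.0.0.2) fails once.
SAMPLE_LOG = """\
Date,Time,User-Name,NAS-IP-Address,Failure-Code
01/10/2012,09:00:01,jdoe,10.0.0.1,External DB user invalid or bad password
01/10/2012,09:00:04,jdoe,10.0.0.1,External DB user invalid or bad password
01/10/2012,09:00:07,jdoe,10.0.0.1,External DB user invalid or bad password
01/10/2012,09:00:10,jdoe,10.0.0.1,External DB user invalid or bad password
01/10/2012,09:00:13,jdoe,10.0.0.1,External DB account locked out
01/10/2012,09:05:00,asmith,10.0.0.2,External DB user invalid or bad password
"""

AD_LOCKOUT_THRESHOLD = 5                        # assumed AD policy values
AD_OBSERVATION_WINDOW = timedelta(minutes=30)

def parse_failed_attempts(text):
    """Yield (timestamp, user, nas_ip, reason) from the CSV text, skipping the header."""
    for line in text.strip().splitlines()[1:]:
        date, time, user, nas, reason = line.split(",", 4)
        yield datetime.strptime(f"{date} {time}", "%m/%d/%Y %H:%M:%S"), user, nas, reason

def lockout_sources(text, threshold=AD_LOCKOUT_THRESHOLD, window=AD_OBSERVATION_WINDOW):
    """Return {(user, nas_ip): total_failures} for each NAS whose own retries
    reach the lockout threshold inside the window. A NAS that fails once
    (the AP here) is not flagged; the retransmitting firewall is."""
    buckets = defaultdict(list)
    for ts, user, nas, _reason in parse_failed_attempts(text):
        buckets[(user, nas)].append(ts)
    culprits = {}
    for key, stamps in buckets.items():
        stamps.sort()
        start = 0
        for end in range(len(stamps)):          # sliding window over timestamps
            while stamps[end] - stamps[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                culprits[key] = len(stamps)
                break
    return culprits
```

Running `lockout_sources(SAMPLE_LOG)` on the constructed data flags only `jdoe` from the firewall NAS; the single AP failure for `asmith` stays below the threshold.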