2570 Views 29 Replies Latest reply: Aug 21, 2013 6:46 AM by dpbpc62
dpbpc62 Apprentice 82 posts since
Aug 29, 2011
Aug 2, 2013 9:48 AM

ShrewSoft VPN Client and RSA Securid (RADIUS and XAuth) with MFE v8.3.1

I'm having an issue with the ShrewSoft VPN Client using XAuth to RADIUS (securid)

 

In the VPN Definition for XAuth you have to use remote identities; does this mean you have to create all the users that will be using RSA tokens?

 

Like I said I'm having trouble connecting the dots... I can get the ShrewSoft to work with certificates, but have little to no documentation on using XAuth and RADIUS.

 

Has anyone out there used the MFE VPN with XAuth/RADIUS?

 

Thanks

 

Dana

  • mtuma McAfee SME 314 posts since
    Nov 3, 2009

    Hello,

     

    If you have configured and successfully set up ShrewSoft with certificates, then adding XAUTH should be pretty easy. All you need to do is configure the following:

     

    Network>VPN Configuration>ISAKMP Server and make sure you have the correct XAUTH Method configured.

     

    In the VPN definition itself, make sure you select a Method with XAUTH in it. If you are using XAUTH and single certificate then no identities are necessary.

     

    Configure ShrewSoft to use XAUTH.

     

    If the Authenticator is configured properly then it should prompt you and should be able to authenticate and get in to the VPN.

     

     

    FYI, the identities are totally independent of XAUTH authentication. You do not need to create users for all the people with tokens.

     

    -Matt

  • mtuma McAfee SME 314 posts since
    Nov 3, 2009

    Hello,

     

    Those messages are actually indicating that the ISAKMP server has received a VPN negotiation attempt, so your ACL rule is just fine.

     

    What it seems to be saying is that it received an Aggressive mode request and the firewall is set up to only allow main mode? Can you double check the "Advanced" tab of the VPN?

     

    -Matt

  • mtuma McAfee SME 314 posts since
    Nov 3, 2009

    Where did you see the error "gateway authentication error"? Was it on the client?

     

    Does ShrewSoft ever prompt you for credentials?

     

    -Matt
