Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 1 subscriber
  • Views 5642 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Using UTM 9 L2TP over IPSEC with radius

jimf81
I am trying to get a windows server 2008 radius server working with L2TP. I followed the directions on the Knowledgebase and get the below error when trying to test the connection

Error: Sending packet failed: send failed

Please let me know what my issue may be.

Thank You!


This thread was automatically locked due to age.
  • 0
    Think i got that part fixed now i get
    Server test passed.

    But get the below error when testing

    This is when testing a user
    User authentication:


    Radius authentication failed


    User is a member of the following groups:


    No groups have been found for this user

    If i dont set NAS identifier is get

    User authentication:


    Authentication test passed.


    User is a member of the following groups:


    No groups have been found for this user

    Plase assist
  • 0
    Jim, I think you may have an incomplete configuration in the WinServer.  Did you follow How to use RADIUS Authentication: Astaro Security Gateway/Sophos UTM  What AD Group did you choose for the Network Policy?  Have you tried to logon to L2TP/IPsec with what you have now?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    I got it working, even though it showed an error testing once i tried to connect to L2TP it worked. Now my question is how do i setup firewall  rules for access restrictions if all users are coming from Radius authenticated users?
  • 0
    Jim, it's not possible without syncing the AD Security Groups of those allowed to have more than basic access (or those allowed only basic access, whichever represents fewer users).

    If this is a business, I think it would benefit from spending a few hundred dollars with your reseller (assuming they have the experience) to get started on the right foot.  I usually wind up charging two-to-four-times as much to clean up a configuration as compared to creating the design in the first place.  Of course, if you're doing this as a learning exercize, then just keep asking questions! [;)]

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0
    We are setting this up as a prrof on concept. If it works we will be buying the software for our production use we expect on having about 100-150 users in about 30 different groups. I thought with L2TP you could not use AD users or groups and could only use Radius?
  • 0
    That's right.  I think the cleanest solution today is the SSL VPN.  Instead of creating a bunch of Firewall rules, you can define different profiles for the different groups, then, if you want to change a user's access rights, you just change the group membership in AD, and you don't need to touch the UTM.

    Plus, the new OpenVPN app for iPhone (I don't know about Android) is supported by the UTM and the User Portal.  In addition to being able to install from the User Portal, iOS and SSL VPN install packages can be downloaded and emailed to endusers.

    Cheers - Bob
    PS I have appointments, so I can't continue this conversation.  I've sent you a PM.
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?

Unfiltered HTML