VIP (Validation ID Protection)


VIP integration with NPS

  • 1.  VIP integration with NPS

    Posted 08-02-2020 08:01 PM


    Having some difficulty with integration of Windows 2016 NPS with Symantec VIP with EG deployed on-prem.

    NPS server deployed to facilitate Wireless Access 802.1x as well as VPN connectivity from various firewalls.

    The current state:

    1. Wireless clients in multiple on-prem locations authenticate through WLAN controllers based on the provided domain username and password; the SSL certificate deployed on the NPS servers creates an encrypted tunnel. This part works without a problem.

    2. VPN users "dial in" using a laptop with the VPN client deployed. This part works without a problem.

    The desired outcome:

    I would like to add 2FA to the second workflow.

    1. I tried deploying the NPS plug-in; however, testing shows the following error:

    The NPS plug-in logging works very inconsistently: sometimes it logs errors, sometimes it does not.
    When reloading the IAS service, plug-in initialization writes results to the log correctly. Sometimes, errors corresponding to the above are written in the following manner:
    [ERROR] : Missing password for user  ....
    [ERROR] : Missing password for user  ....

    Confirmed the correct password for the PEM by importing the PFX to the internal store.
    The password, or the generated code, is correct, as with the same credential I'm able to log in properly through any other configured app, such as Office365.
    I'm not sure if utilizing this plug-in would also impact Wireless Access, as we do not want to have it enabled for that, only for VPN access.
    Unless otherwise recommended, I would be more inclined to proxy RADIUS traffic from VPN devices to EG's validation server, but that part also does not work for some reason: the user gets properly logged in and no 2FA is initiated.
    Could you please advise what is the best approach here?
    Thank you.

  • 2.  RE: VIP integration with NPS

    Broadcom Employee
    Posted 08-11-2020 09:28 AM
    Hello Sergey -

    Did you end up opening a case for this issue?

  • 3.  RE: VIP integration with NPS

    Posted 08-11-2020 11:55 AM
    Hello Andreas,
    I did, but it was closed due to an expired contract and an outstanding payment from DXC to Symantec.
    Thank you.
