Hello list! Need your expertise, please...

Just did an upgrade to our CiscoSecureACS for NT box from V.2.4 to V.2.5 in order to support a CiscoVPN5000 concentrator we are testing out. We can confirm that the CiscoSecureACS successfully authenticates users through some of our perimeter devices using RADIUS (IETF), and can even do so with the additional use of token cards.

However, a CheckPoint FW-1 box on site running Security Policy and Software version 3.0B will not authenticate. We can trace packets from/to the CiscoSecureACS box and see CiscoSecureACS responding to the requests, but the FW-1 just doesn't seem to understand the reply or acknowledge it as being successful. CiscoSecureACS logs do not indicate a failure and a 'radtest' at the CiscoSecure box indicates authentication is successful (as does the token server), but authentication attempts through FW-1 say 'Radius servers not responding'.

One thing we've noticed in comparing the packets of CS ACS V.2.4 and V.2.5 is that the response packets from the CS ACS server V.2.5 are *longer* than in V.2.4 ... specifically, V.2.4 has reply packet length=28; V.2.5 has reply packet length=46.

Can anyone 1) clarify why and what changed re: the packet size from V.2.4 to V.2.5 and 2) suggest a solution, or offer explanation of what might be going on?

THANKS!

-
[To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]
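One way to see what accounts for the extra bytes between a 28-byte and a 46-byte reply is to split each captured packet into its RFC 2865 attributes and compare them. The following is an added example, not part of the original post: the function names are hypothetical, and the two sample packets are constructed so that only their total lengths (28 and 46) match the post, while their attribute contents are made up.

```python
import struct

HEADER_LEN = 20  # code(1) + identifier(1) + length(2) + authenticator(16), RFC 2865
CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}
ATTRS = {6: "Service-Type", 18: "Reply-Message", 25: "Class", 26: "Vendor-Specific"}

def parse_radius(pkt):
    """Split a RADIUS packet into its header fields and (type, value) attributes."""
    if len(pkt) < HEADER_LEN:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if not HEADER_LEN <= length <= len(pkt):
        raise ValueError("Length field %d does not fit the %d captured bytes" % (length, len(pkt)))
    attrs, off = [], HEADER_LEN
    while off < length:
        if length - off < 2:
            raise ValueError("truncated attribute header at offset %d" % off)
        a_type, a_len = pkt[off], pkt[off + 1]
        if a_len < 2 or off + a_len > length:
            raise ValueError("bad attribute length %d at offset %d" % (a_len, off))
        attrs.append((a_type, pkt[off + 2:off + a_len]))
        off += a_len
    return {"code": CODES.get(code, str(code)), "id": ident, "length": length, "attrs": attrs}

def extra_attrs(old, new):
    """Attributes in `new` that `old` lacks, as (name, bytes on the wire)."""
    remaining, extra = list(old["attrs"]), []
    for attr in new["attrs"]:
        if attr in remaining:
            remaining.remove(attr)
        else:
            extra.append((ATTRS.get(attr[0], "type-%d" % attr[0]), len(attr[1]) + 2))
    return extra

def build(code, ident, attrs):
    """Assemble a sample packet; the authenticator is zeroed, not computed."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, ident, HEADER_LEN + len(body)) + bytes(16) + body

# Constructed samples: only the total lengths (28 and 46) come from the post.
OLD_REPLY = build(2, 1, [(25, b"CONSTR")])
NEW_REPLY = build(2, 1, [(25, b"CONSTR"), (18, b"constructed data")])

if __name__ == "__main__":
    old, new = parse_radius(OLD_REPLY), parse_radius(NEW_REPLY)
    print(old["code"], old["length"], "->", new["code"], new["length"])
    for name, size in extra_attrs(old, new):
        print("added in longer reply:", name, size, "bytes")
```

Feeding it the UDP payloads of the real V.2.4 and V.2.5 replies, in place of the constructed samples, lists the attributes that make up the 18-byte difference.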
