Did you configure the secondary node on the agent host within RSA? The way I use this feature is to create the agent host with the 'real" IP an then click on the secondary host option and enter the NAT IP. Re-create the sdconf.rec and apply it to the host.
-----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of cisco4ng Sent: Tuesday, April 12, 2005 12:13 PM To: [email protected] Subject: [FW-1] RSA ACE Server/SecurID and NAT All, Anyone know if SecurID will work with NAT at all? I have this situation: SecurID RSA/ACE Server is behind a checkpoint firewall. RSA Server IP address is 192.168.1.100. This RSA ACE Server is static NATed by the checkpoint firewall to 129.174.1.8. I am using this SecurID Server as an authentication Server for SecureRemote users for other stand-alone Checkpoint Firewalls. I have to put the sdconf.rec file on these firewalls and it seems like the sdconf.rec contains the private ip address of the SecurID Server. I can't edit the sdconf.rec file because it is not an ascii text file. Is there a workaround for this? Has anyone ever tried SecurID through NAT either with Checkpoint, Cisco IOS or Cisco Pix? thanks. --------------------------------- Do you Yahoo!? Yahoo! Mail - You care about security. So do we. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
