Hi All, I've spent a day on this without much success.
The enforcement module is Checkpoint NGx R61 with HFA_01 on Nokia IPSO 4.1 build 33. It is just a single firewall, but I am running Nokia VRRP on the enforcement module. SmartCenter is Checkpoint NGx R61 with HFA_01 on Nokia IPSO 4.1 build 33 as well. Everything is running on an eval license. RSA SecurID is running on Windows 2003 Enterprise Server SP2. I also have SmartConsole installed on this server.

The Nokia enforcement module has an IP address of 10.209.84.36/24 with the VRRP IP address of 10.209.94.35. SmartCenter has an IP address of 10.209.84.37/24. RSA SecurID has an IP address of 10.209.84.27/24.

I created an account on the RSA server called "testme" and gave it Administrator privilege. I also created an agent host for SmartCenter. I then generated the file sdconf.rec for this agent host and dumped it into the /var/ace directory of the SmartCenter. Then I cpstop;cpstart the SmartCenter. I then created an admin account on the SmartCenter and gave it SecurID. I can log into the SmartCenter with the account I created on the RSA server just fine. Everything is good so far.

I then created another agent host on the RSA server for the Nokia firewall. On the agent host for the Nokia firewall, I specified "communication server". I specified the IP address 10.209.84.36 for the agent host; on the "secondary nodes", I specified the VRRP address of the Nokia firewall. I then generated the sdconf.rec file and dumped it into the /var/ace directory of the Nokia firewall. I then performed "cpstop;cpstart" on the Nokia firewalls.

I created a "generic*" account with an external profile on the SmartCenter and assigned "SecurID" for authentication. I then created a user group called "test-group" with generic* as a member. I then created a SecureRemote VPN rule via simplified mode. Finally I pushed the policy.

Now every time I try to authenticate via SecureRemote, I always see this message in the RSA server log file:

testme/dca2-nokia-1-P access denied, bad user password.

I know that I have the right password because this testme account is the admin account that I use to log onto the RSA server itself. I've seen this error in the past and to fix it, I have to regenerate a new sdconf.rec file. However, I've done it about 20 times already this time around and it is still not working. Can someone help please? Thanks.
