Did you also add the firewall and its other IP addresses to the ACE server?
Besides adding the firewall IP address on the ACE server side, you sometimes
also need to add additional IP addresses to that entry containing other
IP addresses on your firewall. This actually appears to be dependent on your
primary name/IP on the box. If the primary OS name and IP is for an Internet side
of the firewall, then you need to add both the Internet IP and your local network
IP address to the ACE server. If your primary name/IP is on your local network side
then that is all you should need (if it doesn't work then add other IPs to it
too).

As long as you copied the sdconf.rec file (I think you might need DNS resolving too
for the ACE server, but I'm not sure on that) and you added the firewalls with
their IP addresses to the ACE server then it should work.

Ron

Kevin Leong wrote:

> Hi there.....
>
> Does anyone here have any experience in implementing SecureID within a
> firewalled (Checkpoint FW-1 4.1) network? I am currently testing client
> authentication using SecureID with the firewall.  The connection runs well;
> users are prompted with username and passcode when they log in using telnet
> and http.  But they could not be authenticated and the error in ACESERVER
> says ACCESS DENIED, PASSCODE INCORRECT.  I have verified with all the
> passcodes and the username, and they are all correct.  Other than that, the
> rule used in FW-1 is Source(testusers@any) to Destination(Ace Server) Any
> Services using Client Authentication.
>
> Another thing is, the log viewer states that the user uses an unknown
> service to nowhere (destination is blank) and is rejected by rule 0.  I have
> not reached the state of implementing any anti-spoofing yet, so the rule 0
> could not be related to that.
>
> Do I have to allow any special ports for SecureID to run properly??  Any
> suggestions or comments regarding (or not at all) this matter pls drop me a
> line....needing it urgently!!!!
>
> Thanks!!
>
> Kevin