I have a customer who had a solid SR configuration using SecurID
authentication.  Since upgrading to 4.1 SP2 they have been having
intermittent problems:

1.  SR 4118 FWZ

Dialup user connecting through ISP, after ~30 sec user sees error-
Error: no answer received from a firewall at site  ###.###.###.###
If this problem persists please contact your system administrator.

Firewall log shows-
action          info
reject          rule 0 reason Client Encryption: SecurID request failed.
reject          rule 0 reason Client Encryption: Failed to generate a shared key

Ace Server (ver 4.1) shows- 
no errors, no activity at all from the login.

After bouncing the firewall everything authenticates flawlessly.

2.  SR 4157 IKE

Customer logged in via DSL connection & it took ~5 min to authenticate.  No
errors in fw or Ace server log.
Next morning after the firewall was bounced authentication was normal speed.

3.  SR 4005 FWZ
User logs in, starts to authenticate.

Firewall log shows-
action          Info
authcrypt       reason Client Encryption:  Authenticated by SecurID scheme: FWZ methods: Encapsulation, DES, DES, MD5
deauthorize     reason Old SecuRemote

User is to the point of dropping back to 4.1SP1.

Any suggestions are most welcome.  Any ideas on staying on 4.1SP2 or dropping
back to SP1?  Firewall & management are on the same Solaris box.

-PaulK

----------------------------------------------------------------------
Paul D. Keser
Sr. Engineer, Support Services
Dataway Inc.
San Francisco, CA
1-800-Dataway   http:\\www.dataway.com
PGP fingerprint:  BE1E 3210 79EF 9352 A031  4BA9 066C EB75 1FF4 9E97
----------------------------------------------------------------------


