In step 3, you shouldn't select any scheme for authentication under the user's IKE properties, untick both boxes and try it. If the user's Auth scheme is SecurID it should work fine, otherwise there's some problem between the Firewall and ACE Server. At 16:54 08/01/2001 +0000, you wrote: >Hey Guys, > >I have an issue whereby I cannot ClientEncrypt off a Firewall using >SecurID as the Authentication method. > >On the Ace Server, I have defined: >(1) Firewall as a valid Client with "Secondary Node" definitions > >On the Firewall, I have defined: >(1) Rule passing tcp5510 and udp5500 between Ace Server and Firewall >(2) Copied /ace/data/sdconf.rec from Ace to /var/ace on the Firewall >bouncing Firewall appropriately. >(3) Set User to run with IKE and Auth Scheme of SecurID. The IKE >Properties have been set to an Auth of a Password. >(4) Defined appropriate ClientEncrypt rule and Encryption Domain > >I have replicated the hosts files on each of the boxes. > >I can retrieve Site happily, but on launching my session to the Encrypt >Domain I am not asked for a PASSCODE. It accepts the Password defined >under the IKE Properties. Strange? > >As a test, I attempted tcp connections on tcp 259 to the same Firewall. I >get the "C'Point Client Authentication Server running on ..." and I enter >a User and Passcode appropriately. However I get the error in the Client >Window "unable to activate SecurID auth". In the Firewall Log Viewer I get >Communication Problems. > >No also that no node secret is created on the Ace Server under the Clients >Window. > >Thanks, Terry. > >_________________________________________________________________________ >Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com. > > > >================================================================================ > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html >================================================================================ ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
