Sounds like it may be a problem between the FW and ACE server. To rule that
out, install the ACE client on the firewall and try a test authentication.
Note: I ran into problems setting this up a while back, and it turned out
that I needed to allow *ICMP* as well (otherwise, it would time out).
Dave Grabowski
System Arts, Inc.
(212) 604-9015 x316
[EMAIL PROTECTED]

"Terry Thomas" <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
01/08/2001 11:54 AM

To: [EMAIL PROTECTED]
cc:
Subject: [FW1] SecurID PASSCODE not invoked with SecuRemote.

Hey Guys,
I have an issue whereby I cannot ClientEncrypt off a Firewall using SecurID
as the Authentication method.
On the Ace Server, I have defined:
(1) Firewall as a valid Client with "Secondary Node" definitions
On the Firewall, I have defined:
(1) Rule passing tcp5510 and udp5500 between Ace Server and Firewall
(2) Copied /ace/data/sdconf.rec from Ace to /var/ace on the Firewall
bouncing Firewall appropriately.
(3) Set User to run with IKE and Auth Scheme of SecurID. The IKE Properties
have been set to an Auth of a Password.
(4) Defined appropriate ClientEncrypt rule and Encryption Domain
I have replicated the hosts files on each of the boxes.
I can retrieve Site happily, but on launching my session to the Encrypt
Domain I am not asked for a PASSCODE. It accepts the Password defined under
the IKE Properties. Strange?
As a test, I attempted tcp connections on tcp 259 to the same Firewall. I
get the "C'Point Client Authentication Server running on ..." and I enter a
User and Passcode appropriately. However I get the error in the Client
Window "unable to activate SecurID auth". In the Firewall Log Viewer I get
Communication Problems.
Note also that no node secret is created on the Ace Server under the Clients
Window.
Thanks, Terry.
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================