Hey... you've gotten good advice already... just wanted to add the
following:
-Make sure you are using at least 4.1 SP2 for Hybrid Mode IKE (if using 4.1)
-Make sure you have selected Hybrid Mode IKE for SecuRemote under your
firewall objects IKE properties screen under the VPN tab
-Make sure you have the time synchronized within 1 minute on the ACE server
and the FW...
just some ideas off the top of my head.. :)
Amin Tora
ePlus Technology
http://www.eplus.com
-----Original Message-----
From: Terry Thomas [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 08, 2001 11:55 AM
To: [EMAIL PROTECTED]
Subject: [FW1] SecurID PASSCODE not invoked with SecuRemote.
Hey Guys,
I have an issue whereby I cannot ClientEncrypt off a Firewall using SecurID
as the Authentication method.
On the Ace Server, I have defined:
(1) Firewall as a valid Client with "Secondary Node" definitions
On the Firewall, I have defined:
(1) Rule passing tcp5510 and udp5500 between Ace Server and Firewall
(2) Copied /ace/data/sdconf.rec from Ace to /var/ace on the Firewall
bouncing Firewall appropriately.
(3) Set User to run with IKE and Auth Scheme of SecurID. The IKE Properties
have been set to an Auth of a Password.
(4) Defined appropriate ClientEncrypt rule and Encryption Domain
I have replicated the hosts files on each of the boxes.
I can retrieve Site happily, but on launching my session to the Encrypt
Domain I am not asked for a PASSCODE. It accepts the Password defined under
the IKE Properties. Strange?
As a test, I attempted tcp connections on tcp 259 to the same Firewall. I
get the "C'Point Client Authentication Server running on ..." and I enter a
User and Passcode appropriately. However I get the error in the Client
Window "unable to activate SecurID auth". In the Firewall Log Viewer I get
Communication Problems.
Note also that no node secret is created on the Ace Server under the Clients
Window.
Thanks, Terry.
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================