Re: [FW1] Problems with ACE authentication after upgrade to ACE 5.0

Sun, 26 Aug 2001 10:08:23 -0700 


I haven't upgraded to 5.0, but I have seen similar symptoms. It seems to 
me that we usually trace it back to one of two things. Either the 
encryption method (I think it should be DES for the firewall) - 
somewhere along the way the default changed and upgrading the ACE screws 
things up or IP address confusion (the IP address that the ACE server 
sees needs to be the same one the firewall thinks is it's primary (the 
one the hostname is tied too). Hope this helps.
Bill

On Friday, August 24, 2001, at 04:15 AM, Greg Polanski wrote:

>
> I just upgraded to ACE 5.0 from ACE 3.3.1 and not cannot
> authenticate SecuRemote !!
>
> In the past, I used the tool,   /opt/ace/prog/sdshell,
> to get the node secret and validate the node naming.
> I am doing the same thing now.
>
> 1.    When I authenticate for the first time, everything is OK
>
> 08/24/2001 09:28:21U polansg/diamond1.adc.com          
> 000025047284/Greg Po
> 08/24/2001 04:28:21L Passcode accepted                 nyland.adc.com
>
> 08/24/2001 09:28:23U polansg/diamond1.adc.com          ---->/
> 08/24/2001 04:28:23L Node secret sent to agent host    nyland.adc.com
>
> 2.    When I repeat the test case, the ACE server does not
>       want to validate anything about the node.
>       Yet when I run this on a non-firewall (single NIC) Sun
>       box, sdshell can be used again and again
>
> 08/24/2001 09:32:12U --------/diamond1.adc.com         ---->/
> 08/24/2001 04:32:12L Node verification failed          nyland.adc.com
>
>
> Can you help me out?
>
> greg
>
> _______________________________________________________________
> Greg Polanski                    mailto:[EMAIL PROTECTED]
> ADC Telecommunications, Inc.     952.917.0548
> MS 36                            952.917.0651 FAX
> PO Box 1101                      612.309.4493 cell/pager
> Minneapolis, MN  55440-1101      [EMAIL PROTECTED]
> _______________________________________________________________
>
>
> =========================================================================
> =======
>      To unsubscribe from this mailing list, please see the instructions 
> at
>                http://www.checkpoint.com/services/mailing.html
> =========================================================================
> =======
>


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Reply via email to