Hey Guys,
I have an issue whereby I cannot ClientEncrypt off a Firewall using
SecurID as the Authentication method.
On the Ace Server, I have defined:
(1) Firewall as a valid Client with "Secondary Node" definitions
On the Firewall, I have defined:
(1) Rule passing tcp5510 and udp5500 between Ace Server and Firewall
(2) Copied /ace/data/sdconf.rec from Ace to /var/ace on the Firewall
bouncing Firewall appropriately.
(3) Set User to run with IKE and Auth Scheme of SecurID. The IKE
Properties have been set to an Auth of a Password.
(4) Defined appropriate ClientEncrypt rule and Encryption Domain
I have replicated the hosts files on each of the boxes.
I can retrieve Site happily, but on launching my session to the Encrypt
Domain I am not asked for a PASSCODE. It accepts the Password defined
under the IKE Properties. Strange?
As a test, I attempted tcp connections on tcp 259 to the same Firewall. I
get the "C'Point Client Authentication Server running on ..." and I enter
a User and Passcode appropriately. However I get the error in the Client
Window "unable to activate SecurID auth". In the Firewall Log Viewer I get
Communication Problems.
No also that no node secret is created on the Ace Server under the Clients
Window.
Thanks, Terry.
_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================