NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] SecurID PASSCODE not invoked with SecuRemote.




In step 3, you shouldn't select any scheme for authentication under the user's IKE properties, untick both boxes and try it. If the user's Auth scheme is SecurID it should work fine, otherwise there's some problem between the Firewall and ACE Server.



At 16:54 08/01/2001 +0000, you wrote:


Hey Guys,

I have an issue whereby I cannot ClientEncrypt off a Firewall using SecurID as the Authentication method.

On the Ace Server, I have defined:
(1) Firewall as a valid Client with "Secondary Node" definitions

On the Firewall, I have defined:
(1) Rule passing tcp5510 and udp5500 between Ace Server and Firewall
(2) Copied /ace/data/sdconf.rec from Ace to /var/ace on the Firewall bouncing Firewall appropriately.
(3) Set User to run with IKE and Auth Scheme of SecurID. The IKE Properties have been set to an Auth of a Password.
(4) Defined appropriate ClientEncrypt rule and Encryption Domain


I have replicated the hosts files on each of the boxes.

I can retrieve Site happily, but on launching my session to the Encrypt Domain I am not asked for a PASSCODE. It accepts the Password defined under the IKE Properties. Strange?

As a test, I attempted tcp connections on tcp 259 to the same Firewall. I get the "C'Point Client Authentication Server running on ..." and I enter a User and Passcode appropriately. However I get the error in the Client Window "unable to activate SecurID auth". In the Firewall Log Viewer I get Communication Problems.

No also that no node secret is created on the Ace Server under the Clients Window.

Thanks, Terry.

_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.



================================================================================
    To unsubscribe from this mailing list, please see the instructions at
              http://www.checkpoint.com/services/mailing.html
================================================================================



================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.