
RE: [FW1] SecurID PASSCODE not invoked with SecuRemote.




Hey... you've gotten good advice already... just wanted to add the
following:

- Make sure you are using at least 4.1 SP2 for Hybrid Mode IKE (if using 4.1)
- Make sure you have selected Hybrid Mode IKE for SecuRemote under your
  firewall object's IKE properties screen under the VPN tab
- Make sure you have the time synchronized within 1 minute on the ACE server
  and the FW...

just some ideas off the top of my head..  :)


Amin Tora
ePlus Technology
http://www.eplus.com



-----Original Message-----
From: Terry Thomas [mailto:[email protected]]
Sent: Monday, January 08, 2001 11:55 AM
To: [email protected]
Subject: [FW1] SecurID PASSCODE not invoked with SecuRemote.



Hey Guys,

I have an issue whereby I cannot ClientEncrypt off a Firewall using SecurID 
as the Authentication method.

On the Ace Server, I have defined:
(1) Firewall as a valid Client with "Secondary Node" definitions

On the Firewall, I have defined:
(1) Rule passing tcp5510 and udp5500 between Ace Server and Firewall
(2) Copied /ace/data/sdconf.rec from Ace to /var/ace on the Firewall 
bouncing Firewall appropriately.
(3) Set User to run with IKE and Auth Scheme of SecurID. The IKE Properties 
have been set to an Auth of a Password.
(4) Defined appropriate ClientEncrypt rule and Encryption Domain

I have replicated the hosts files on each of the boxes.

I can retrieve Site happily, but on launching my session to the Encrypt 
Domain I am not asked for a PASSCODE. It accepts the Password defined under 
the IKE Properties. Strange?

As a test, I attempted tcp connections on tcp 259 to the same Firewall. I 
get the "C'Point Client Authentication Server running on ..." and I enter a 
User and Passcode appropriately. However I get the error in the Client 
Window "unable to activate SecurID auth". In the Firewall Log Viewer I get 
Communication Problems.

Note also that no node secret is created on the Ace Server under the Clients 
Window.

Thanks, Terry.




================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================


   All contents © 2004 Network Presence, LLC. All rights reserved.