RE: [FW1] SecurID PASSCODE not invoked with SecuRemote.
Hey... you've gotten good advice already... just wanted to add the following:

- Make sure you are using at least 4.1 SP2 for Hybrid Mode IKE (if using 4.1)
- Make sure you have selected Hybrid Mode IKE for SecuRemote under your firewall object's IKE properties screen under the VPN tab
- Make sure you have the time synchronized within 1 minute on the ACE server and the FW...

just some ideas off the top of my head.. :)

Amin Tora
ePlus Technology
http://www.eplus.com

-----Original Message-----
From: Terry Thomas [mailto:[email protected]]
Sent: Monday, January 08, 2001 11:55 AM
To: [email protected]
Subject: [FW1] SecurID PASSCODE not invoked with SecuRemote.

Hey Guys,

I have an issue whereby I cannot ClientEncrypt off a Firewall using SecurID as the Authentication method.

On the Ace Server, I have defined:

(1) Firewall as a valid Client with "Secondary Node" definitions

On the Firewall, I have defined:

(1) Rule passing tcp5510 and udp5500 between Ace Server and Firewall
(2) Copied /ace/data/sdconf.rec from Ace to /var/ace on the Firewall bouncing Firewall appropriately.
(3) Set User to run with IKE and Auth Scheme of SecurID. The IKE Properties have been set to an Auth of a Password.
(4) Defined appropriate ClientEncrypt rule and Encryption Domain

I have replicated the hosts files on each of the boxes.

I can retrieve Site happily, but on launching my session to the Encrypt Domain I am not asked for a PASSCODE. It accepts the Password defined under the IKE Properties. Strange?

As a test, I attempted tcp connections on tcp 259 to the same Firewall. I get the "C'Point Client Authentication Server running on ..." and I enter a User and Passcode appropriately. However I get the error in the Client Window "unable to activate SecurID auth". In the Firewall Log Viewer I get Communication Problems. Note also that no node secret is created on the Ace Server under the Clients Window.

Thanks,
Terry.

================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================