[FW-1] Ace Server 5.0 + Firewall-1 v4.1 sp5 + SecurID
Hi,

I am trying to configure SecureClient access with SecurID authentication. I have followed the configuration notes provided by RSA and everything appears correct. The ACE server 5.0 is configured and is working correctly with SecurID. However, when I try to connect using SecureClient the connection fails.

I have monitored the public interface and private interface the Ace Server resides on while attempting to establish a connection. There is no traffic between Firewall-1 and the ACE server at any time. The snoop results in:

secureclient -> firewall TCP D=264 S=1039 Syn Seq=33248 Len=0 Win=8192 Options=<mss 1460>
firewall -> secureclient TCP D=1039 S=264 Syn Ack=33249 Seq=413960518 Len=0 Win=8760 Options=<mss 1460>
secureclient -> firewall TCP D=264 S=1039 Ack=413960519 Seq=33249 Len=0 Win=8760
secureclient -> firewall TCP D=264 S=1039 Ack=413960519 Seq=33249 Len=4 Win=8760
firewall -> secureclient TCP D=1039 S=264 Ack=33253 Seq=413960519 Len=0 Win=8756
secureclient -> firewall TCP D=264 S=1039 Ack=413960519 Seq=33253 Len=4 Win=8760
firewall -> secureclient TCP D=1039 S=264 Ack=33257 Seq=413960519 Len=0 Win=8760
firewall -> secureclient TCP D=1039 S=264 Ack=33257 Seq=413960519 Len=4 Win=8760
secureclient -> firewall TCP D=264 S=1039 Ack=413960523 Seq=33257 Len=4 Win=8756
firewall -> secureclient TCP D=1039 S=264 Ack=33261 Seq=413960523 Len=8 Win=8760
secureclient -> firewall TCP D=264 S=1039 Ack=413960531 Seq=33261 Len=4 Win=8748
firewall -> secureclient TCP D=1039 S=264 Ack=33265 Seq=413960531 Len=9 Win=8760
secureclient -> firewall TCP D=264 S=1039 Ack=413960540 Seq=33265 Len=0 Win=8739
firewall -> secureclient TCP D=1039 S=264 Fin Ack=33265 Seq=413960540 Len=8 Win=8760
secureclient -> firewall TCP D=264 S=1039 Ack=413960549 Seq=33265 Len=0 Win=8731
secureclient -> firewall TCP D=264 S=1039 Fin Ack=413960549 Seq=33265 Len=0 Win=8731
firewall -> secureclient TCP D=1039 S=264 Ack=33266 Seq=413960549 Len=0 Win=8760
secureclient -> firewall TCP D=264 S=1040 Syn Seq=33259 Len=0 Win=8192 Options=<mss 1460>
firewall -> secureclient TCP D=1040 S=264 Syn Ack=33260 Seq=418964176 Len=0 Win=8760 Options=<mss 1460>
secureclient -> firewall TCP D=264 S=1040 Ack=418964177 Seq=33260 Len=0 Win=8760
firewall -> secureclient TCP D=1040 S=264 Ack=33264 Seq=418964177 Len=0 Win=8760
secureclient -> firewall TCP D=264 S=1040 Ack=418964177 Seq=33260 Len=4 Win=8760
secureclient -> firewall TCP D=264 S=1040 Ack=418964177 Seq=33264 Len=4 Win=8760
firewall -> secureclient TCP D=1040 S=264 Ack=33268 Seq=418964177 Len=4 Win=8760
secureclient -> firewall TCP D=264 S=1040 Ack=418964181 Seq=33268 Len=4 Win=8756
firewall -> secureclient TCP D=1040 S=264 Ack=33272 Seq=418964181 Len=8 Win=8760
secureclient -> firewall TCP D=264 S=1040 Ack=418964189 Seq=33272 Len=4 Win=8748
firewall -> secureclient TCP D=1040 S=264 Ack=33276 Seq=418964189 Len=9 Win=8760
secureclient -> firewall TCP D=264 S=1040 Ack=418964198 Seq=33276 Len=0 Win=8739
firewall -> secureclient TCP D=1040 S=264 Ack=33276 Seq=418964198 Len=4 Win=8760
secureclient -> firewall TCP D=264 S=1040 Ack=418964202 Seq=33276 Len=4 Win=8735
firewall -> secureclient TCP D=1040 S=264 Ack=33280 Seq=418964202 Len=0 Win=8760
secureclient -> firewall TCP D=264 S=1040 Ack=418964202 Seq=33280 Len=62 Win=8735
firewall -> secureclient TCP D=1040 S=264 Ack=33342 Seq=418964202 Len=0 Win=8760
firewall -> secureclient TCP D=1040 S=264 Ack=33342 Seq=418964202 Len=377 Win=8760
secureclient -> firewall TCP D=264 S=1040 Ack=418964579 Seq=33342 Len=221 Win=8358
firewall -> secureclient TCP D=1040 S=264 Ack=33563 Seq=418964579 Len=0 Win=8760
firewall -> secureclient TCP D=1040 S=264 Ack=33563 Seq=418964579 Len=75 Win=8760

From the Firewall logs:

"log" "accept" "FW1_topo" "secureclient" "tcp" "0" "1032" "" "" "" "" "" "" "" "" "" "firewall" " len 44"
"log" "accept" "FW1_topo" "secureclient" "tcp" "0" "1033" "" "" "" "" "" "" "" "" "" "firewall" " len 44"
"log" "reject" "" "secureclient" "ip" "0" "" "XsEF24Jk1" "" "" "" "" "" "" "" "" "firewall" " reason Refused Topology request. Authentication scheme not allowed for user."

Thanks in advance,
Russell