
[FW1] Re: Ace Server/FW1 Question



Hi Steve,
 
Check the following:
 
 
Check the encryption/authentication methods on firewall and server.
 
Define the FW boxes as 'Communication Server' on the ACE Server machine. Be sure that the Sent Node Secret check box is blank.
 
When defining the FW as clients on the server, make sure that the primary node address is the IP address that the hostname of the FW resolves to. You can do this by typing in 'hostname' on the firewall console and then pinging the answer you get back.
 
Define the secondary nodes of the firewall.
 
Check that the user is defined properly in the security policy.
 
Check NAT rules. If any NAT is being done, make sure there is a rule at the top of the policy that allows the FWs and SecurID server to talk untranslated.
 
After copying the 'sdconf.rec' file into the /var/ace directory, delete /var/ace/securid and bounce FireWall-1 (fwstop; fwstart).
 
After the first successful communication between the firewall and the ACE server, a file called 'securid' will get created under the '/var/ace' directory.
 
Hope this helps you.
 
Victor Barrientos
Tivoli certified Consultant
RSA Security Certified RSA ACE/Server Engineer
Office: +54 11 4819 3903
Fax: +54 11 4811 7103
Office eMail: [email protected]
Alternative eMail: [email protected]
Unifon Web Site: http://www.unifon.com.ar
 
 
----- Original Message -----
From: Steve Peters <[email protected]>
To: 'Victor Barrientos' <[email protected]>
Sent: Tuesday, October 03, 2000 5:22 PM
Subject: Ace Server/FW1 Question

> Hi, I've read the posts on the newsgroup about ACE Server and FW1 and was
> hoping you could help. I have a question. I have created a user and allowed
> SecurID as the auth method, I also have put the sdconf.rec file in /var/ace
> directory. But when I telnet to 259 and enter the username it prompts me
> with the PASSCODE: prompt but when I enter the information I get the
> following message "Unable to activate SecurID authentication" and in the fw
> log I see a reject with the following in the Info section " reason SecurID
> communication problem.
> Any ideas?  Anything would help,
>
> Thanks
> Steve Peters
> marchFIRST
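
The file and hostname checks from the reply above, gathered into a pre-flight script; this is an added example, not part of the original thread or any Check Point or RSA tooling. The function names are hypothetical, the hosts-format file lookup stands in for whatever resolver the firewall actually uses, and treating a `securid` file older than `sdconf.rec` as stale is an assumption drawn from the delete-and-restart step.

```shell
#!/bin/sh
# Added example: pre-flight checks for the FireWall-1 / ACE Server steps above.
# /var/ace, sdconf.rec and securid come from the thread; function names are hypothetical.

# Classify the state of the ACE files in a directory.
ace_file_state() {
    dir=${1:-/var/ace}
    if [ ! -f "$dir/sdconf.rec" ]; then
        echo "missing-sdconf"        # sdconf.rec was never copied in
    elif [ ! -f "$dir/securid" ]; then
        echo "awaiting-first-auth"   # securid is created on first successful exchange
    elif [ "$dir/sdconf.rec" -nt "$dir/securid" ]; then
        echo "stale-securid"         # assumption: delete securid, then fwstop; fwstart
    else
        echo "ok"
    fi
}

# Print the first address a hosts-format file maps NAME to (comments ignored).
hosts_lookup() {
    awk -v name="$2" '
        { sub(/#.*/, "") }
        { for (i = 2; i <= NF; i++) if ($i == name) { print $1; exit } }
    ' "$1"
}

# Compare that address with the primary node address entered on the ACE Server.
primary_node_matches() {
    resolved=$(hosts_lookup "$1" "$2")
    [ -n "$resolved" ] && [ "$resolved" = "$3" ]
}

# Report only when run with arguments: <primary-node-ip> [ace-dir] [hosts-file]
if [ $# -ge 1 ]; then
    echo "files: $(ace_file_state "${2:-/var/ace}")"
    if primary_node_matches "${3:-/etc/hosts}" "$(hostname)" "$1"; then
        echo "primary node address matches hostname resolution"
    else
        echo "primary node address does NOT match what $(hostname) resolves to"
    fi
fi
```

Run it on the firewall with the primary node address configured on the ACE Server as the first argument; a `stale-securid` or mismatch result points at the corresponding step in the reply.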


 
----------------------------------

All contents © 2003 Network Presence, LLC. All rights reserved.