
RE: [fw1-wizards] RE: [FW1] IKE/ACE Authenticated Topology downloads for SecuRemote ?



There's the rub.  You have to use that user strictly for creating the site
(one time only).  Afterwards, you need to authenticate with a different user
(presumably securid or other hybrid-type auth method).  The simplest way to
allow a fresh login is to reboot the machine (again, this is only the first
time), although you may also have success with doing an "erase passwords" in
the SR app, then killing and restarting it.

An alternate method that I didn't mention in my last mail is to create the
site on one machine, then copy the userc.c file from the
$securemotedir\database directory from that machine to the target machine
that needs the site definition.  This file (userc.c) includes all the site
information that SR needs, such that you never have to do a "create site" on
the new machine - you'd only need to update if your internal topology
changes.  NOTE:  you can also replace the default userc.c file in your
installation directory with your specific userc.c, so that new installs will
automatically have the site defined - very handy.

Please let me know if this helps, or if you have more questions.

Dan Hitchcock
CCNA, MCSE
Network Engineer
Xylo, Inc. (formerly employeesavings.com)
The work/life solution for corporate thought leaders


-----Original Message-----
From: Scott Jucht [mailto:[email protected]]
Sent: Wednesday, November 08, 2000 8:50 AM
To: 'Dan Hitchcock'
Subject: RE: [fw1-wizards] RE: [FW1] IKE/ACE Authenticated Topology downloads for SecuRemote ?


I am having a problem setting up the user strictly for the purpose of the
topology download.  Once I connect and download the topology all request get
dropped from my FireWall because my user has no access.  It never prompts me
for my securid user or anything else after.  If you could shed any light on
this work around I would really appreciate it.


Scott Jucht
Network Engineer
BANKFIRST




Nope, you're not missing anything.  Checkpoint support verified that this is
exactly the case.  You cannot download topology using hybrid mode
authentication.

This is lame.

A workaround is to maintain account(s) with shared secret auth and no
network access privileges (done via user groups or in the user definition
itself) strictly for the purpose of topology download.  What I haven't been
able to test is if automatic topology update works with hybrid mode.  I
would expect that it doesn't - anyone?

Dan Hitchcock
CCNA, MCSE
Network Engineer
Xylo, Inc. (formerly employeesavings.com)
The work/life solution for corporate thought leaders


-----Original Message-----
From: Jeff Newton [mailto:[email protected]]
Sent: Wednesday, November 01, 2000 4:04 PM
To: [email protected]
Cc: [email protected]
Subject: [FW1] IKE/ACE Authenticated Topology downloads for SecuRemote?




I've got SecurID authentication to work with IKE for SecuRemote 
sessions but can't seem to use it to do topology/key downloads.  Am I
limited to IKE/shared secret for topology downloads?

Seems silly for Checkpoint to offer hybrid mode, support SecurID for
the session auth and then limit topology downloads to shared secrets?

Am I missing something here?

Cheers, 

----
Jeff Newton
Security Analyst
PMC-Sierra Inc.



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

---------------------------------------------------------------------
This email came from the FireWall-1 Wizards Mailing List
To unsubscribe, e-mail: [email protected]
For more information, email: [email protected]
