[FW1] ACE/Checkpoint-VPN authentication problems
I have an ACE/Server 4.1 on NT 4 (SP6a) attaching to the Internal Port of a Nokia IP330 Firewall (Checkpoint-1 v4.1 sp2). The ACE/Server has been set up correctly according to RSA and other documents I have gleaned from the web. The sdconf.rec file has been placed in the /var/ace directory on the Firewall and both the ACE/Server and the Firewall are set up as clients. Address Resolution has been set up and tested in both directions.

On the external port of the Firewall we have set up a Windows 2000 laptop using Checkpoint VPN-1 (v4.4 build 4166). Each login attempt gives the message "Access Denied". The error log on the ACE/Server shows "PASSCODE INCORRECT". The Firewall Log shows "Access denied- reason Client Encryption".

Encryption is DES between the servers. User encryption uses FWZ. User authentication in the firewall is set to SecurID, User Encryption is FWZ with both options set to "Any".

There are only two rules in the Firewall:

1. Source:SecureIDuser@any, Destination:Any, Service:Authenticated, Action: User Authentication.
2. Source:Any, Destination:Any, Service:Any, Action:Accept

For some reason the Node secret (SecurID file) is either not sent to or not accepted by the Firewall. If an NT-based Firewall replaces the Nokia, everything works perfectly.

Anyone out there with the same problem, or even better, a solution?

Mick