
[FW1] ACE/Checkpoint-VPN authentication problems





I have an ACE/Server 4.1 on NT 4 (SP6a) attaching to the Internal Port of a
Nokia IP330 Firewall (Checkpoint-1 v4.1 sp2).  The ACE/Server has been set up
correctly according to RSA and other documents I have gleaned from the web.  The
sdconf.rec file has been placed in the /var/ace directory on the Firewall and
both the ACE/Server and the Firewall are set up as clients.  Address Resolution
has been set up and tested in both directions.

On the external port of the Firewall we have set up a Windows 2000 laptop using
Checkpoint VPN-1 (v4.4 build 4166).  Each login attempt gives the message
"Access Denied".  The error log on the ACE/Server shows "PASSCODE INCORRECT".
The Firewall Log shows "Access denied- reason Client Encryption".

Encryption is DES between the servers.  User encryption uses FWZ.  User
authentication in the firewall is set to SecurID, User Encryption is FWZ with
both options set to "Any".  There are only two rules in the Firewall:

1.  Source:SecureIDuser@any, Destination:Any, Service:Authenticated, Action:
User Authentication.
2.  Source:Any, Destination:Any, Service:Any, Action:Accept

For some reason the Node secret (Securid file) is either not sent to or not
accepted by the Firewall.  If an NT-based Firewall replaces the Nokia everything
works perfectly.

Anyone out there with the same problem, or even better, a solution?

Mick




 
   All contents © 2004 Network Presence, LLC. All rights reserved.