Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW1] Sec Policy download : Authentication failures

To: [email protected]
Subject: [FW1] Sec Policy download : Authentication failures
From: "Roelandts, Guy" <[email protected]>
Date: Fri, 9 Feb 2001 17:52:15 -0000
Sender: [email protected]

Hi all,

   I am facing a problem with regards to authentication, I have read quite
some entries
 on Phoneboy, some from other knowledge bases but am not able to find what
goes
 wrong.

   The problem : A remotely managed Firewall is not able to fetch it's
security policy from
		a Management Server, nor is the Management Server able to
download
		the Security Policy to the Firewall module

    Configuration :  Fw-A is ... let's say 1.1.1.1 on the outside and
2.1.1.1 on the inside, 
                           behind Fw-A I have my Management Server with
address 2.1.2.2 that I
		   Nat to 1.1.1.2 let's say

 		   May be important to say that this means that Fw-A
internal and Mgmt Srv
  		   have a router between them.

                           Fw-B has IP address 3.1.1.1

    Hardware : Firewall are Nokias ... IPSO 3.3 +  fw-1/vpn-1 V4.1-SP2
                     Mgmt Srv : Win Nt 4.0 + Fw-1/vpn-1 V4.1-SP2

    When I try to fw fetch 1.1.1.2, from Fw-B, I get the Authentication
Failed message, which
   means that the Fw-B could talk to my Management Server. What's strange is
that if I do
   a fw fetch -d ... is that I will use fwa1 authentication method but my
peer is 2.1.2.2 and not
   1.1.1.2, my masters file on this Firewall contains 1.1.1.2

    When I try to download my security from the management server, I get a
download failed +
  unauthorized action ( I checked the Phoneboy faqs 189 and 38, but they
don't seem to help)

    I have defined in the hosts file the Fw-A - Fw-B - Mgmt Srv - Mgmt Srv
Nat 

    Last the Fw-B and Fw-A are defined in the clients file ....

    I tried to reconfigure the Firewall, remove and add the clients,
rebooted ... don't know what to do
  anymore.

    Thank you for any advise/experience you may have/had.

Met vriendelijke groeten - Bien à vous - Kind regards

Guy ROELANDTS
Compaq Software Engineer - Belgium
E-mail : [email protected]
Tel: +32(02)729.77.44 (options  3 - 3 - 1)
Fax: +32(02)729.77.65



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: [FW1] SP2 & 3 on VPN-1 V4.1 under Solaris
Next by Date: RE: [FW1] Any-->does this include....
Previous by thread: [FW1] SP2 & 3 on VPN-1 V4.1 under Solaris
Next by thread: [FW1] "nameserver" in Service column in log files?
Index(es):
- Date
- Thread