Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] IKE + SecurID, SB

To: Pag <[email protected]>, [email protected]
Subject: Re: [FW1] IKE + SecurID, SB
From: "Rink van de Graaf" <[email protected]>
Date: Thu, 15 Mar 2001 08:35:49 +0100
Organization: Loyens & Loeff
References: <[email protected]>
Sender: [email protected]

Install a ACE client (from distribution media) onto the firewall and copy the sdconf.rec from the master ACE to the client ACE directory.
Check that you have create a client in the ACE server with the ipaddress of the interface the FW is communicating with de ACE server.
Check that your FW object and Users in the rule base allows SecureID authentication.

If still not working link the $ACE_DIR/data/sdconf.rec to $ACE_DIR/sdconf.rec
trace (snoop/tcpdump) the interface on port 5500 if there is any communication between you FW an the ACE server.
Check out the FW & ACE log!

Rink van de Graaf.

 Pag wrote:

> Environment:
> Sun Solaris 7    (with last patch)
> Checkpoint Fw-1 4.1 SP3 (last patch)
> SecuRemote    4.1 build 4176    (last patch)
> ACE/Server 4.0    and SecurID (with last patch)
> StoneBeat site 3.1.5 for HighAvailability (last version)
>
> Guide:
> http://www.deathstar.ch/security/fw1/HighAvailability/FAQ0173.htm
>
> Problem (message by SecuRemote client):
> Negotiation with firewall at site ..xxx.xxx has failed. Access denied
> for user testuser by SecurID.
>
> -----
> Authentication with FW1/VPN password is OK, but SecurID authentication
> doesn't function.
>
> PAG
> Security Administrator & Firewall Specialist
> [email protected]
>
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>               http://www.checkpoint.com/services/mailing.html
> ================================================================================

****************************************************************************************************************
This e-mail message is intended exclusively for the addressee(s). If the e-mail was sent to you by mistake, would you please contact us immediately by e-mail at [email protected]. In that case, we also request that you destroy the e-mail and that you neither use the contents nor disclose them in any manner to third parties, because the message may contain confidential information which is protected by professional secrecy.
Any addressee should be aware that general conditions apply to the services provided by Loyens & Loeff (www.loyensloeff.com) and that  Internet e-mail is subject to risks; Loyens & Loeff therefore denies any responsibility for damages resulting from the use of Internet e-mail.
****************************************************************************************************************************

================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

References:
- [FW1] IKE + SecurID, SB
  - From: "Pag" <[email protected]>

Prev by Date: [FW1] VPN-1 + Interface NAT'ing + Nokia IP650
Next by Date: Re: [FW1] Solaris8
Previous by thread: [FW1] IKE + SecurID, SB
Next by thread: [FW1] SecureRemote error. Site manager.cdc.gov says that it is not a Ce rtificate Authority
Index(es):
- Date
- Thread