[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW1] Problems with user authentication
I have weird problem with user suthentication. I'm running FW-1 4.0 on HP-UX box, with 3 interfaces, external, internal and DMZ. I managed to get ACE authentication to work, but, when I try to connect with user authentication from outside, this is what I get: [my machine on Internet][~/tmp 1 #516 10:52]> telnet XXX.XXX.XXX.XXX Trying... Connected to XXX.XXX.XXX.XXX. Escape character is '^]'. Local flow control off Check Point FireWall-1 authenticated Telnet server running on ita1 User: nfrances PASSCODE: **** User nfrances authenticated by SecurID Connection to XXX.XXX.XXX.XXX failed Connection closed by foreign host. where XXX.XXX.XXX.XXX is external address on Internet. Policy is set as: first rule, <user group> <name of host, which is staticly nated> <telnet> <user auth> second rule, <not localent> <name of host which is staticly nated> <telnet> <reject> Also, if I remove user authentication, and allow direct telnet to inside, it works to connect from Internet! But, as soon as I add user authentication, it fails. Also, note that with this user authentication, I can connect to Internet from Intranet, if I set to use it (same user authentication), but it doesnt work from Internet to Intranet. I also tried to change 2nd rule to allow, just to see what happens - also fails, although it should let me in, and here's the messages agin of what I get: [my machine on Internet][~/tmp 1 #513 10:46]> telnet XXX.XXX.XXX.XXX Trying... Connected to XXX.XXX.XXX.XXX. Escape character is '^]'. Local flow control off Check Point FireWall-1 authenticated Telnet server running on ita1 Connection to XXX.XXX.XXX.XXX failed Connection closed by foreign host. Any ideas what's happening here? ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|