Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] Problems with ACE authentication after upgrade to ACE 5.0

To: Greg Polanski <[email protected]>
Subject: Re: [FW1] Problems with ACE authentication after upgrade to ACE 5.0
From: Bill Husler <[email protected]>
Date: Sat, 25 Aug 2001 17:40:51 -0700
Cc: Firewall One List <[email protected]>
In-reply-to: <[email protected]>
Sender: [email protected]

I haven't upgraded to 5.0, but I have seen similar symptoms. It seems to me that we usually trace it back to one of two things. Either the encryption method (I think it should be DES for the firewall) - somewhere along the way the default changed and upgrading the ACE screws things up or IP address confusion (the IP address that the ACE server sees needs to be the same one the firewall thinks is it's primary (the one the hostname is tied too). Hope this helps. Bill

On Friday, August 24, 2001, at 04:15 AM, Greg Polanski wrote:

I just upgraded to ACE 5.0 from ACE 3.3.1 and not cannot
authenticate SecuRemote !!
In the past, I used the tool,   /opt/ace/prog/sdshell,
to get the node secret and validate the node naming.
I am doing the same thing now.
1. When I authenticate for the first time, everything is OK

08/24/2001 09:28:21U polansg/diamond1.adc.com/Greg Po 08/24/2001 04:28:21L Passcode accepted nyland.adc.com
08/24/2001 09:28:23U polansg/diamond1.adc.com          ---->/
08/24/2001 04:28:23L Node secret sent to agent host    nyland.adc.com
2.	When I repeat the test case, the ACE server does not
	want to validate anything about the node.
	Yet when I run this on a non-firewall (single NIC) Sun
	box, sdshell can be used again and again
08/24/2001 09:32:12U --------/diamond1.adc.com         ---->/
08/24/2001 04:32:12L Node verification failed          nyland.adc.com
Can you help me out?

greg
_______________________________________________________________
Greg Polanski                    mailto:[email protected]
ADC Telecommunications, IncMSFAX
PO Box 1cell/pager
Minneapolis, MN  [email protected]
_______________________________________________________________
========================================================================= ======= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ========================================================================= =======

================================================================================
    To unsubscribe from this mailing list, please see the instructions at
              http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: [FW1] FW-1 install on Sun clustering system
Next by Date: RE: [FW1] Creating offline backup with FW4.1
Previous by thread: RE: [FW1] FW-1 install on Sun clustering system
Next by thread: Re: [FW1] Problems with ACE authentication after upgrade to ACE 5.0
Index(es):
- Date
- Thread