[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] ACE/Server v5 with Checkpoint authentication?
Ho is right, I just did one last week.. make sure that you put something like this in the hosts file on the ACE Server 1.1.1.1 external (this is the external IP of the firewall) 2.2.2.2 internal 3.3.3.3 dmz (also any other interfaces the FW has) then use external as the agent host, and all the other IF's as secondary nodes... also make sure you can resolve the ace server name exactly as it in sdconf.rec on the firewall by using /etc/hosts Scott J. Friedman, MCSE CCSE CCNA Security & Cisco Routing Engineer LDMI / Ideal Technology Solutions, U.S. Email : [email protected] Phone :www.itsusnow.com www.ldmi.com >>> [email protected] 05/13/02 03:07PM >>> hi, if you define the firewall as an agent host on the ace-server, put in the ip-address of the external interface (interface which points to the users). define the other interfaces as secondary nodes. it's important, that the interface which points to the ace-server is also listed as sec. node. had troubles with this some days ago. "same" errors... may this helps, markus At 14:43 13.05.2002 -0400, you wrote: >Hi, > >I am trying to get ACE/Server v5.01 working with a Firewall-1 v4.1 SP3 box, >and I cannot get it too work. I have looked over the lists archives, and >tried everything that people have suggested, and can not get it too work. >When I do a telnet to the firewall on port 259, and enter the user name >(from ACE/Server user list), and the PIN+passcode, it comes back to me and >state "Unable to activate Secur-ID Authentication", and the Firewall-1 log >viewer, shows an error "SecurID communcation problem". It looks like the >Node Secret is NOT being sent to the Firewall, and I am unsure why? > >I have defined the additional interfaces on the firewall as Secondary >Nodes, and set the Agent Type to: Communications Server. > >I have test it out by installing the Win32 ACE/Agent onto the SecurID >server, and testing out the authentication, and that works from there. > >Any help would be greatly appreciated. > >Thanks, > > >Sean P. Donaghey >Sr. Technical Analyst >Hôtel-Dieu Grace Hospital >Windsor, Ontario Canada > >Tel:Ext. 3717 >Fax:>Email: [email protected] > >================================================= >To set vacation, Out Of Office, or away messages, >send an email to [email protected] >in the BODY of the email add: >set fw-1-mailinglist nomail >================================================= >To unsubscribe from this mailing list, >please see the instructions at >http://www.checkpoint.com/services/mailing.html >================================================= >If you have any questions on how to change your >subscription options, email >[email protected] >================================================= ------------------------------------------------------------------- Markus Hofbauer IT-Service phone : +43 (1) 60 126-34 Internet & Security fax : +43 (1) 60 126-4 Bacher Systems EDV GmbH mail: [email protected] Wienerbergstr. 11B www : http://www.bacher.at/ A-1101 Wien, Austria, Europe ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|