Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] ACE/Server v5 with Checkpoint authentication?

To: [email protected]
Subject: Re: [FW-1] ACE/Server v5 with Checkpoint authentication?
From: Scott Friedman <[email protected]>
Date: Mon, 13 May 2002 15:56:03 -0400
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

Ho is right, I just did one last week..  make sure that you put
something like this in the hosts file on the ACE Server

1.1.1.1    external   (this is the external IP of the firewall)
2.2.2.2    internal
3.3.3.3   dmz
(also any other interfaces the FW has)

then use external as the agent host, and all the other IF's as
secondary nodes...

also make sure you can resolve the ace server name exactly as it in
sdconf.rec on the firewall by using /etc/hosts

Scott J. Friedman, MCSE CCSE CCNA
Security & Cisco Routing Engineer
LDMI / Ideal Technology Solutions, U.S.
Email : [email protected]
Phone :www.itsusnow.com
www.ldmi.com

>>> [email protected] 05/13/02 03:07PM >>>
hi,

if you define the firewall as an agent host on the ace-server, put in
the ip-address of the external interface (interface which points to
the users). define the other interfaces as secondary nodes.
it's important, that the interface which points to the ace-server is
also listed as sec. node.

had troubles with this some days ago. "same" errors...

may this helps,
markus

At 14:43 13.05.2002 -0400, you wrote:
>Hi,
>
>I am trying to get ACE/Server v5.01 working with a Firewall-1 v4.1 SP3
box,
>and I cannot get it too work.  I have looked over the lists archives,
and
>tried everything that people have suggested, and can not get it too
work.
>When I do a telnet to the firewall on port 259, and enter the user
name
>(from ACE/Server user list), and the PIN+passcode, it comes back to me
and
>state "Unable to activate Secur-ID Authentication", and the Firewall-1
log
>viewer, shows an error "SecurID communcation problem".  It looks like
the
>Node Secret is NOT being sent to the Firewall, and I am unsure why?
>
>I have defined the additional interfaces on the firewall as Secondary
>Nodes, and set the Agent Type to: Communications Server.
>
>I have test it out by installing the Win32 ACE/Agent onto the SecurID
>server, and testing out the authentication, and that works from
there.
>
>Any help would be greatly appreciated.
>
>Thanks,
>
>
>Sean P. Donaghey
>Sr. Technical Analyst
>Hôtel-Dieu Grace Hospital
>Windsor, Ontario Canada
>
>Tel:Ext. 3717
>Fax:>Email: [email protected]
>
>=================================================
>To set vacation, Out Of Office, or away messages,
>send an email to [email protected]
>in the BODY of the email add:
>set fw-1-mailinglist nomail
>=================================================
>To unsubscribe from this mailing list,
>please see the instructions at
>http://www.checkpoint.com/services/mailing.html
>=================================================
>If you have any questions on how to change your
>subscription options, email
>[email protected]
>=================================================

-------------------------------------------------------------------
Markus Hofbauer                                          IT-Service
phone : +43 (1) 60 126-34                       Internet & Security
fax : +43 (1) 60 126-4                      Bacher Systems EDV GmbH
mail: [email protected]                               Wienerbergstr. 11B
www : http://www.bacher.at/            A-1101 Wien, Austria, Europe

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Follow-Ups:
- Re: [FW-1] ACE/Server v5 with Checkpoint authentication?
  - From: Russell Aspinwall <[email protected]>

Prev by Date: Re: [FW-1] backup interface wouldn't keep quite.
Next by Date: Re: [FW-1] Policy Editor and SR on same machine?
Previous by thread: Re: [FW-1] ACE/Server v5 with Checkpoint authentication?
Next by thread: Re: [FW-1] ACE/Server v5 with Checkpoint authentication?
Index(es):
- Date
- Thread