
[FW-1] Ace Server 5.0 + Firewall-1 v4.1 sp5 + SecurID



Hi,

I am trying to configure SecureClient access with SecurID authentication.
I have followed the configuration notes provided by RSA and everything
appears correct.

The ACE server 5.0 is configured and is working correctly with SecurID.
However when I try to connect using SecureClient the connection fails. I
have monitored the public interface and private interface the Ace Server
resides on while attempting to establish a connection. There is no
traffic between Firewall-1 and the ACE server at any time, the snoop
results in :-

secureclient -> firewall TCP D=264 S=1039 Syn Seq=33248 Len=0 Win=8192
Options=<mss 1460>
firewall -> secureclient TCP D=1039 S=264 Syn Ack=33249 Seq=413960518
Len=0 Win=8760 Options=<mss 1460>
secureclient -> firewall TCP D=264 S=1039     Ack=413960519 Seq=33249
Len=0 Win=8760
secureclient -> firewall TCP D=264 S=1039     Ack=413960519 Seq=33249
Len=4 Win=8760
firewall -> secureclient TCP D=1039 S=264     Ack=33253 Seq=413960519
Len=0 Win=8756
secureclient -> firewall TCP D=264 S=1039     Ack=413960519 Seq=33253
Len=4 Win=8760
firewall -> secureclient TCP D=1039 S=264     Ack=33257 Seq=413960519
Len=0 Win=8760
firewall -> secureclient TCP D=1039 S=264     Ack=33257 Seq=413960519
Len=4 Win=8760
secureclient -> firewall TCP D=264 S=1039     Ack=413960523 Seq=33257
Len=4 Win=8756
firewall -> secureclient TCP D=1039 S=264     Ack=33261 Seq=413960523
Len=8 Win=8760
secureclient -> firewall TCP D=264 S=1039     Ack=413960531 Seq=33261
Len=4 Win=8748
firewall -> secureclient TCP D=1039 S=264     Ack=33265 Seq=413960531
Len=9 Win=8760
secureclient -> firewall TCP D=264 S=1039     Ack=413960540 Seq=33265
Len=0 Win=8739
firewall -> secureclient TCP D=1039 S=264 Fin Ack=33265 Seq=413960540
Len=8 Win=8760
secureclient -> firewall TCP D=264 S=1039     Ack=413960549 Seq=33265
Len=0 Win=8731
secureclient -> firewall TCP D=264 S=1039 Fin Ack=413960549 Seq=33265
Len=0 Win=8731
firewall -> secureclient TCP D=1039 S=264     Ack=33266 Seq=413960549
Len=0 Win=8760
secureclient -> firewall TCP D=264 S=1040 Syn Seq=33259 Len=0 Win=8192
Options=<mss 1460>
firewall -> secureclient TCP D=1040 S=264 Syn Ack=33260 Seq=418964176
Len=0 Win=8760 Options=<mss 1460>
secureclient -> firewall TCP D=264 S=1040     Ack=418964177 Seq=33260
Len=0 Win=8760
firewall -> secureclient TCP D=1040 S=264     Ack=33264 Seq=418964177
Len=0 Win=8760
secureclient -> firewall TCP D=264 S=1040     Ack=418964177 Seq=33260
Len=4 Win=8760
secureclient -> firewall TCP D=264 S=1040     Ack=418964177 Seq=33264
Len=4 Win=8760
firewall -> secureclient TCP D=1040 S=264     Ack=33268 Seq=418964177
Len=4 Win=8760
secureclient -> firewall TCP D=264 S=1040     Ack=418964181 Seq=33268
Len=4 Win=8756
firewall -> secureclient TCP D=1040 S=264     Ack=33272 Seq=418964181
Len=8 Win=8760
secureclient -> firewall TCP D=264 S=1040     Ack=418964189 Seq=33272
Len=4 Win=8748
firewall -> secureclient TCP D=1040 S=264     Ack=33276 Seq=418964189
Len=9 Win=8760
secureclient -> firewall TCP D=264 S=1040     Ack=418964198 Seq=33276
Len=0 Win=8739
firewall -> secureclient TCP D=1040 S=264     Ack=33276 Seq=418964198
Len=4 Win=8760
secureclient -> firewall TCP D=264 S=1040     Ack=418964202 Seq=33276
Len=4 Win=8735
firewall -> secureclient TCP D=1040 S=264     Ack=33280 Seq=418964202
Len=0 Win=8760
secureclient -> firewall TCP D=264 S=1040     Ack=418964202 Seq=33280
Len=62 Win=8735
firewall -> secureclient TCP D=1040 S=264     Ack=33342 Seq=418964202
Len=0 Win=8760
firewall -> secureclient TCP D=1040 S=264     Ack=33342 Seq=418964202
Len=377 Win=8760
secureclient -> firewall TCP D=264 S=1040     Ack=418964579 Seq=33342
Len=221 Win=8358
firewall -> secureclient TCP D=1040 S=264     Ack=33563 Seq=418964579
Len=0 Win=8760
firewall -> secureclient TCP D=1040 S=264     Ack=33563 Seq=418964579
Len=75 Win=8760

From the Firewall logs :-

  "log"  "accept"  "FW1_topo"  "secureclient"    "tcp"  "0"  "1032"  ""
""  ""  ""  ""  ""  ""  ""  ""  "firewall"  " len 44"

  "log"  "accept"  "FW1_topo"  "secureclient"    "tcp"  "0"  "1033"  ""
""  ""  ""  ""  ""  ""  ""  ""  "firewall"  " len 44"

  "log"  "reject"  ""  "secureclient"    "ip"  "0"  ""  "XsEF24Jk1"  ""
""  ""  ""  ""  ""  ""  ""  "firewall"  " reason Refused Topology
request. Authentication scheme not allowed for user."

Thanks in advance

Russell
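
Added example (not part of the original post, and not Check Point or RSA code): a small Python parser for the exported log records quoted above, which rejoins the wrapped lines and pulls out rejects whose reason names the authentication scheme. The field positions used for action, service, source, user, origin and info are inferred from the three records shown and are assumptions.

```python
import re

# Constructed sample: the three log records quoted in the post, e-mail wrapping intact.
SAMPLE = '''  "log"  "accept"  "FW1_topo"  "secureclient"    "tcp"  "0"  "1032"  ""
""  ""  ""  ""  ""  ""  ""  ""  "firewall"  " len 44"

  "log"  "accept"  "FW1_topo"  "secureclient"    "tcp"  "0"  "1033"  ""
""  ""  ""  ""  ""  ""  ""  ""  "firewall"  " len 44"

  "log"  "reject"  ""  "secureclient"    "ip"  "0"  ""  "XsEF24Jk1"  ""
""  ""  ""  ""  ""  ""  ""  "firewall"  " reason Refused Topology
request. Authentication scheme not allowed for user."
'''

def parse_records(text):
    """Split blank-line separated records into dicts (positions are assumptions)."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        # Undo the line wrapping, then take every double-quoted field in order.
        fields = re.findall(r'"([^"]*)"', " ".join(block.split()))
        if len(fields) < 10:
            continue  # not a complete record
        info = fields[-1].strip()
        records.append({
            "action": fields[1],
            "service": fields[2],
            "source": fields[3],
            "user": fields[7],        # assumed: populated only in the reject record
            "origin": fields[-2],
            "reason": info[len("reason "):] if info.startswith("reason ") else "",
            "info": info,
        })
    return records

def auth_scheme_rejects(records):
    """Rejects whose reason text mentions the authentication scheme."""
    return [r for r in records
            if r["action"] == "reject" and "authentication scheme" in r["reason"].lower()]

if __name__ == "__main__":
    for r in auth_scheme_rejects(parse_records(SAMPLE)):
        print(f'{r["origin"]} rejected {r["source"]} (user {r["user"]}): {r["reason"]}')
```
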

   All contents © 2004 Network Presence, LLC. All rights reserved.