[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] SecureClient and RSA ACE/Server (SecurID)

To: [email protected]
Subject: Re: [FW-1] SecureClient and RSA ACE/Server (SecurID)
From: "Marques, Ricardo" <[email protected]>
Date: Fri, 22 Nov 2002 08:39:20 -0600
Comments: To: "#CCSE-StudyGroup (E-mail)" <[email protected]>
Reply-To: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

Hello to all,

I solve my problem,

Thanks to all that help me
Ricardo Marques

-----Original Message-----
From: Marco Supino [mailto:[email protected]]
Sent: quarta-feira, 20 de Novembro de 2002 14:34
To: Marques, Ricardo
Subject: Re: SecureClient and RSA ACE/Server (SecurID)


Ok,

I have had the same problem, to try to debug do this : clear the "Send
node Secret" in the Client tab of the firewall in the SecurID config,
and try authenticating from the Firewall (not a regular client), this
should recreate the secret file on the firewall, and if it does what i
hope it will do, you will be authenticated in the first time, but all
the next times will fail, also check your "secondary nodes" that they
are correct, they should contain the INTERNAL interface of the firewall
talking with the SecurID server, the "Network address" (in the main
window) should have the VALID external IP of the firewall.

let me know

Marco.


"Marques, Ricardo" wrote:
>
> They are both Windows 2000 with SP3
>
> Ricardo Marques
>
> -----Original Message-----
> From: Marco Supino [mailto:[email protected]]
> Sent: quarta-feira, 20 de Novembro de 2002 14:27
> To: Marques, Ricardo
> Subject: Re: [FW-1] SecureClient and RSA ACE/Server (SecurID)
>
> What platform are you working on ? (the FW and SecureID)
>
> Marco.
>
> "Marques, Ricardo" wrote:
> >
> > Hello Marco,
> >
> > Thank you for your help,
> >
> > This is what i get:
> >
> > I can not validate users with RSA ACE/Agent installed on firewall-1.
This
> is
> > what i see in the online reports of RSA ACE/Server:
> >
> > (without creating a host for fw1)
> >
> > -------/10.100.2.253                    ------->/
> > agent host not found                    ace
> >
> > (creating a host for fw1, before activating user on it)
> >
> > teste2/fw1                                      ------->/
> > user not on agent host                  ace
> >
> > (creating a host for fw1, after activating user on it)
> > teste2/fw5/teste teste
> > ACCESS DENIED, passcode incorrect       ace
> >
> > I had tried several times, and the passcode is correct. If i try it from
> RSA
> > ACE/Agent installed on RSA ACE/Server machine it works fine. The first
> time
> > it asks for a pin conde, i enter the pin code, then i enter the pin code
> > with the new passcode, and it always work fine.
> >
> > In the firewall side i have tested with two users: one that have been
> tested
> > from the RSA ACE/Server side, and one that had never been tested, none
of
> > them works.
> >
> > Thank you again,
> > Ricardo Marques
> >
> > -----Original Message-----
> > From: Marco Supino [mailto:[email protected]]
> > Sent: quarta-feira, 20 de Novembro de 2002 14:20
> > To: [email protected]
> > Subject: Re: [FW-1] SecureClient and RSA ACE/Server (SecurID)
> >
> > Hi,
> >
> > i am runnign FP3 and had 4.1 with ACE 4.1 working fine, i know it can
> > make you crazy to make it work, let me know what you do, i will try to
> > help,
> >
> > "Marques, Ricardo" wrote:
> > >
> > > Hello all,
> > >
> > > Does anyone ever put this to work: RSA ACE/Server 5 (SecurID) and
> > > SecureClient?
> > >
> > > When i test the authentication from the RSA side it works fine, when i
> > test
> > > it from the firewall side, i receive a message "ACCESS DENIED wrong
> > > passcode"
> > >
> > > Any ideas how to solve this?
> > >
> > > THanks in adavance,
> > > Ricardo Marques
> > >
> > > =================================================
> > > To set vacation, Out Of Office, or away messages,
> > > send an email to [email protected]
> > > in the BODY of the email add:
> > > set fw-1-mailinglist nomail
> > > =================================================
> > > To unsubscribe from this mailing list,
> > > please see the instructions at
> > > http://www.checkpoint.com/services/mailing.html
> > > =================================================
> > > If you have any questions on how to change your
> > > subscription options, email
> > > [email protected]
> > > =================================================

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Prev by Date: Re: [FW-1] CCSA exam today...any wise words?
Next by Date: Re: [FW-1] Contivity VPN Client vs Checkpoint FW
Prev by thread: Re: [FW-1] SecureClient and RSA ACE/Server (SecurID)
Next by thread: [FW-1] Policy editor closing
Index(es):
- Date
- Thread