Hi Steve,

Check the following:

Check the encryption/authentication methods on the firewall and server.

Define the FW boxes as 'Communication Server' on the ACE Server machine. Be sure that the Sent Node Secret check box is blank.

When defining the FW as clients on the server, make sure that the primary node address is the IP address that the hostname of the FW resolves to. You can do this by typing in 'hostname' on the firewall console and then pinging the answer you get back.

Define the secondary nodes of the firewall.

Check that the user is defined properly in the security policy.

Check NAT rules. If any NAT is being done, make sure there is a rule at the top of the policy that allows the FWs and SecurID server to talk untranslated.

After copying the 'sdconf.rec' file into the /var/ace directory, delete /var/ace/securid and bounce FireWall-1 (fwstop; fwstart).

After the first successful communication between the Firewall and ACE server, a file called 'securid' will get created under the '/var/ace' directory.

Hope this helps you.

Victor Barrientos
Tivoli certified Consultant
RSA Security Certified RSA ACE/Server Engineer
Office: +54 11 4819 3903
Fax: +54 11 4811 7103
Office eMail: [EMAIL PROTECTED]
Alternative eMail: [EMAIL PROTECTED]
Unifon Web Site: http://www.unifon.com.ar

----- Original Message -----
From: Steve Peters <[EMAIL PROTECTED]>
To: 'Victor Barrientos' <[EMAIL PROTECTED]>
Sent: Tuesday, October 03, 2000 5:22 PM
Subject: Ace Server/FW1 Question

> hoping you could help. I have a question. I have created a user and allowed
> SecurID as the auth method, I also have put the sdconf.rec file in /var/ace
> directory. But when I telnet to 259 and enter the username it prompts me
> with the PASSCODE: prompt but when I enter the information I get the
> following message "Unable to activate SecurID authentication" and in the fw
> log I see a reject with the following in the Info section "reason SecurID
> communication problem."
> Any ideas? Anything would help,
>
> Thanks
> Steve Peters
> marchFIRST
