[FW1] Sec Policy download : Authentication failures

Fri, 09 Feb 2001 09:49:48 -0800 


Hi all,

   I am facing a problem with regards to authentication, I have read quite
some entries
 on Phoneboy, some from other knowledge bases but am not able to find what
goes
 wrong.

   The problem : A remotely managed Firewall is not able to fetch it's
security policy from
                a Management Server, nor is the Management Server able to
download
                the Security Policy to the Firewall module

    Configuration :  Fw-A is ... let's say 1.1.1.1 on the outside and
2.1.1.1 on the inside, 
                           behind Fw-A I have my Management Server with
address 2.1.2.2 that I
                   Nat to 1.1.1.2 let's say

                   May be important to say that this means that Fw-A
internal and Mgmt Srv
                   have a router between them.

                           Fw-B has IP address 3.1.1.1

    Hardware : Firewall are Nokias ... IPSO 3.3 +  fw-1/vpn-1 V4.1-SP2
                     Mgmt Srv : Win Nt 4.0 + Fw-1/vpn-1 V4.1-SP2

    When I try to fw fetch 1.1.1.2, from Fw-B, I get the Authentication
Failed message, which
   means that the Fw-B could talk to my Management Server. What's strange is
that if I do
   a fw fetch -d ... is that I will use fwa1 authentication method but my
peer is 2.1.2.2 and not
   1.1.1.2, my masters file on this Firewall contains 1.1.1.2

    When I try to download my security from the management server, I get a
download failed +
  unauthorized action ( I checked the Phoneboy faqs 189 and 38, but they
don't seem to help)

    I have defined in the hosts file the Fw-A - Fw-B - Mgmt Srv - Mgmt Srv
Nat 

    Last the Fw-B and Fw-A are defined in the clients file ....

    I tried to reconfigure the Firewall, remove and add the clients,
rebooted ... don't know what to do
  anymore.

    Thank you for any advise/experience you may have/had.

Met vriendelijke groeten - Bien à vous - Kind regards

Guy ROELANDTS
Compaq Software Engineer - Belgium
E-mail : [EMAIL PROTECTED]
Tel: +32(02)729.77.44 (options  3 - 3 - 1)
Fax: +32(02)729.77.65



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Reply via email to