Thread: Next tokencode Mode and New Pin Issue(Secureid)
View Single Post
  #5 (permalink)  
Old 2006-03-06
munit_si@yahoo.com munit_si@yahoo.com is offline
Junior Member
  
Join Date: 2006-02-22
Posts: 28
Rep Power: 0
munit_si@yahoo.com has an average reputation (10+)
Default Re: Next tokencode Mode and New Pin Issue(Secureid)
Thanks, I was just looking on google to find solution for this issue

Got refrence for sdopts.rec file, will defining an interface IP from where the secure id packets will be sent , will solve the issue.


posted by phonenoy

<The ACE AGENT inside of VPN-1/FireWall1 embeds a hash of its IP Address in the authentication request packet before passing it to the ACE Server. The ACE Server will run a hash on the expected Source IP of the ACE AGENT and compare it to the received hash. The ACE Server uses the defined Primary Host Agent IP to derive this hash. If the two hashes do not match, the authentication request will be denied.

This method is problematic when an ACE AGENT is multihomed. The ACE AGENT may derive a hash from one of its other IP addresses. When this behavior occurs, it will be necessary to create a sdopts.rec file in the /var/ace directory. The sdopts.rec file will force the ACE AGENT to use a specific IP address to derive its hash.

To resolve the issue do the following:


create the sdopts.rec file in the /var/ace directory
Using VI, edit the sdopts.rec file and insert the line: CLIENT_IP=IP address of the ACE AGENT
restart FW-1 using cpstop;cpstart
Note it has been reported this will also correct issues using SecurID on Secure Platform.>


am i facing the same issue ?


any comments
Reply With Quote