Thread: RSA authentication failure
View Single Post
  #9 (permalink)  
Old 2006-08-25
abusharif abusharif is offline
Senior Member
  
Join Date: 2006-04-27
Location: Twillight zone
Posts: 444
Rep Power: 3
abusharif has an average reputation (10+)
Default Re: RSA authentication failure
Quote:
Originally Posted by maurox View Post
Hi all,
on the "old" ( R55) cluster there isn't the flag for hide the outgoing traffic with the cluster IP.
But i find the solution on the release notes ( as suggested by northlandboy ) that say:
"When employing SecurID for authentication, it is recommended to define each cluster
member separately on the ACE/Server with its own unique (internal) IP address. In
addition, to send packets to the ACE/Server with their unique IP addresses and not the
VIP address, edit the file table.def, located in $FWDIR/lib. Change the line starting
with no_hide_services_ports to, for example, no_hide_services_ports = {<5500,
17>}, where 5500 is the service port and 17 (UDP) is the protocol."
I'm going to test it.....
Maurox


Just note that if you make HFA upgrades in future they will probably overwrite your .def file (just in case it stops working one day ;))
Reply With Quote