You should disable the line
#define ENABLE_LDAP_SERVER
in %os%\FW1\R60\fw1\lib\implied_rules.def to make sure that the LDAP traffic
will be encrypted/decrypted by the rulebase.
Best Regards
Frank
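As an added example (not code from the thread or from Check Point), the following script audits which implied-rule switches in a .def file are active and comments out the LDAP one, so the change can be reviewed before it is applied. It assumes the file uses C-preprocessor style "#define NAME" lines with "//" comments; the sample file content is constructed.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample in the style of a Check Point *.def file (assumed to use
# C-preprocessor syntax with // comments); the real implied_rules.def differs.
SAMPLE_DEF = """\
// implied rule switches (constructed sample)
#define ENABLE_FW1_MGMT
#define ENABLE_LDAP_SERVER
//#define ENABLE_RADIUS_SERVER
#define ENABLE_IKE
"""

# Optional leading // marks a switch that is already disabled.
DEFINE_RE = re.compile(r"^\s*(//\s*)?#define\s+([A-Za-z_][A-Za-z0-9_]*)\b")


def implied_defines(text: str) -> Dict[str, bool]:
    """Map each #define name to True if active, False if commented out."""
    result: Dict[str, bool] = {}
    for line in text.splitlines():
        m = DEFINE_RE.match(line)
        if m:
            result[m.group(2)] = m.group(1) is None
    return result


def disable_define(text: str, name: str) -> Tuple[str, bool]:
    """Return a copy of text with '#define <name>' commented out.

    The second value reports whether anything changed, so running this
    twice on the same file is safe (an already-disabled switch is untouched).
    """
    out: List[str] = []
    changed = False
    for line in text.splitlines():
        m = DEFINE_RE.match(line)
        if m and m.group(2) == name and m.group(1) is None:
            line = "//" + line
            changed = True
        out.append(line)
    trailing = "\n" if text.endswith("\n") else ""
    return "\n".join(out) + trailing, changed


if __name__ == "__main__":
    before = implied_defines(SAMPLE_DEF)
    patched, changed = disable_define(SAMPLE_DEF, "ENABLE_LDAP_SERVER")
    print("active before:", [k for k, v in before.items() if v])
    print("changed:", changed)
    print(patched)
```

Run it against a backup copy of the real file, diff the output against the original, and only then install the patched file and reinstall the policy.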
-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:FW-1-MAILINGLIST AT
AMADEUS.US.CHECKPOINT DOT COM] On Behalf Of Alex
Sent: Monday, June 26, 2006 4:40 PM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: [FW-1] SecureClient & LDAP
Hi,
we want to authenticate our SecureClient users via Active Directory and LDAP
integration.
We have multiple Active Directory (AD) servers in different countries.
We configured them the same way but we experience different behavior.
SecureClient works when we log on with a user of AD1.
But when we try to connect with a user of AD2 we get the error message "gateway
not responding".
Smartview Tracker shows no drop/alerts or anything else. When we use a wrong
password then we get an error message that user or password is wrong.
We captured packets between the enforcement module and the ldap server and they
look the same on the working and the nonworking AD. First we see the search
query and after that a bind request with the user credentials that succeeds.
Furthermore, when we create a client auth rule there's no problem to authenticate
a user of the 2 AD servers. So I'm pretty sure that LDAP is configured correctly.
When we look at SecureClient Diagnostics we can see after Phase 1 Details (Main
Mode completes) - XAuth: "Sending user authentication to
VPN-1 Gateway" and after that
"VPN-1 Gateway did not response to IKE key-exchange"
Gateway: Nokia IPSO 4.0 VRRP Cluster running NGX-R60-HFA02
SecureClient: NGX-R60-HFA1
Has anyone an idea where to look?
thanks in advance
Alex
=================================================
To set vacation, Out-Of-Office, or away messages, send an email to LISTSERV AT
amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================