Re: [FW-1] SecurID Config

[Erin Young [Permanent Link]]

I've tried the method using the vip defined in the agent host and no luck, 
so i am know going to the next method, a seperate agent host for each of the 
Nokia's. I have two sets of documentation from checkpoint and one does not 
state anyhting about generating the node secret file for the agent host 
while the other one does. Which is correct?

> From: cisco4ng <cisco4ng AT YAHOO DOT COM>
> Reply-To: Mailing list for discussion of Firewall-1              
> <FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM>
> To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
> Subject: Re: [FW-1] SecurID Config
> Date: Tue, 27 Jun 2006 13:29:45 -0700
>
> You may want to try the first method.  I have the same issue with the 
> second
>   method.  I was told by RSA folks that the second method sometimes it 
> works and
>   most of the time it does not.  The first method works for me flawlessly
>
> Erin Young <y_erin AT HOTMAIL DOT COM> wrote:
>   Attempting to setup SecurID for use on 2 Nokias IPSO3.8 in a Fault 
> tolerance
> config running Checkpoint NG R55. Has anyone got this to work by defining
> the AceAgent host with the VIP? The checkpoint documentation states that 2
> methods can be used. First method is to define a seperate aceagent host for
> each Node (Nokia). The second method states that you can define one ace
> agent host file and use the VIP and define the physical interfaces as
> secondary nodes. I opted for the second and it's not working. Also, when I
> defined the aceagent host I created a DNS entry on our DNS server so the 
> Ace
> server can resolve the firewall to a DNS name. Must you define it in the
> local host file on th Ace server?
>
> _________________________________________________________________
> Don?t just search. Find. Check out the new MSN Search!
> http://search.msn.click-url.com/go/onm00200636ave/direct/01/
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-owner AT ts.checkpoint DOT com
> =================================================
>
>
>
> ---------------------------------
> Want to be your own boss? Learn how on  Yahoo! Small Business.
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-owner AT ts.checkpoint DOT com
> =================================================
_________________________________________________________________
Don?t just search. Find. Check out the new MSN Search! 
http://search.msn.click-url.com/go/onm00200636ave/direct/01/
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================