Hi,
just wanted to tell you the solution for my problem: install HFA_03.
Now I know the meaning of "increased stability with ldap" that is
mentioned in the release notes of HFA_03:
increased stability = it's working now
Best regards,
Alex
=================================================
Hi,
we want to authenticate our SecureClient users via Active Directory and
LDAP integration.
We have multiple Active Directory (AD) servers in different countries.
We configured them the same way but we experience different behavior.
SecureClient works when we log on with a user of AD1.
But when we try to connect with a user of AD2 we get the error message
"gateway not responding".
SmartView Tracker shows no drop/alerts or anything else. When we use a
wrong password then we get an error message that user or password is wrong.
We captured packets between the enforcement module and the LDAP server
and they look the same on the working and the nonworking AD. First we
see the search query and after that a bind request with the user
credentials that succeeds.
Furthermore when we create a client auth rule there's no problem to
authenticate a user of the 2 AD server. So I'm pretty sure that LDAP is
configured correctly.
When we look at SecureClient Diagnostics we can see after Phase 1
Details (Main Mode completes) - XAuth: "Sending user authentication to
VPN-1 Gateway" and after that
"VPN-1 Gateway did not response to IKE key-exchange"
Gateway: Nokia IPSO 4.0 VRRP Cluster running NGX-R60-HFA02
SecureClient: NGX-R60-HFA1
Has anyone an idea where to look?
Thanks in advance,
Alex