Firewall Wizards mailing list archives

Re: Contivity ES1000 and SecurID


From: Jeff_Needle_Pop () BayNetworks COM (Jeff Needle Pop)
Date: Mon, 22 Mar 1999 11:58:49 -0500

03/18/1999 16:53:42 0 Security [11] Radius: verified server "aceserver.ip.address" reply, result: -2, message: Non-matching id in server response.
03/18/1999 16:53:42 0 Security [12] Radius: "aceserver.ip.address" sent invalid response packet for "username".
03/18/1999 16:53:42 0 Security [13] Session: IPSEC[username]:24 authentication failed using RADIUS

This indicates that something happened with the Identifier field in
transit.  We explicitly check that to make sure the packet is part of
the same transaction we think it is.  My guess is that someone, probably
the Micro-Annex XL terminal server, isn't preserving the Identifier
field.  If you send me a sniffer trace from between the Contivity and
the radius server, I'd be happy to have a look and confirm that.

(1) Is anyone successfully using a Contivity box with SecurID authentication?
   If so, is it necessary to upgrade the aceserver server software to
   version 3.3?

We've got lots of folks using Contivity with SecurID.  Probably the
majority.  We've tested fairly extensively with Shiva Access Manager,
Funk/BSAC, Safeword, and SDI's Radius server.

----------------------------------------
Jeff Needle, VPN Specialist            jneedle () nortelnetworks com
Nortel Networks / Extranet Access           978-635-2036
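
The Identifier check described in the message above, as an added example (not part of the original message and not Nortel's code): a RADIUS client matches a reply to its request by Identifier, then verifies the RFC 2865 Response Authenticator. The secret, identifier values and packets are constructed, and the request is a bare header with no attributes.

```python
import hashlib
import hmac
import struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2  # RADIUS Code values (RFC 2865)

def parse(pkt: bytes):
    """Split a RADIUS packet into (identifier, authenticator, attributes)."""
    if len(pkt) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    _code, ident, length = struct.unpack("!BBH", pkt[:4])
    if not 20 <= length <= len(pkt):
        raise ValueError("Length field does not fit the packet")
    return ident, pkt[4:20], pkt[20:length]

def response_authenticator(reply: bytes, request_auth: bytes, secret: bytes) -> bytes:
    """MD5(Code + ID + Length + RequestAuth + Attributes + Secret), per RFC 2865."""
    _, _, attrs = parse(reply)
    return hashlib.md5(reply[:4] + request_auth + attrs + secret).digest()

def check_reply(request: bytes, reply: bytes, secret: bytes) -> str:
    """Classify a reply against the request it claims to answer."""
    req_id, req_auth, _ = parse(request)
    rep_id, rep_auth, _ = parse(reply)
    if rep_id != req_id:
        return "non-matching id"      # not part of the transaction we sent
    if not hmac.compare_digest(rep_auth, response_authenticator(reply, req_auth, secret)):
        return "bad authenticator"    # wrong shared secret or altered contents
    return "ok"

# Constructed sample data: secret, identifier and authenticator are made up.
SECRET = b"constructed-shared-secret"
REQ_AUTH = bytes(range(16))
REQUEST = struct.pack("!BBH", ACCESS_REQUEST, 42, 20) + REQ_AUTH
_head = struct.pack("!BBH", ACCESS_ACCEPT, 42, 20)
GOOD_REPLY = _head + hashlib.md5(_head + REQ_AUTH + SECRET).digest()
# Same reply after a hypothetical relay changed the Identifier byte in transit.
REWRITTEN_REPLY = GOOD_REPLY[:1] + bytes([57]) + GOOD_REPLY[2:]

if __name__ == "__main__":
    for name, reply in (("good", GOOD_REPLY), ("rewritten", REWRITTEN_REPLY)):
        print(name, "->", check_reply(REQUEST, reply, SECRET))
    print("wrong secret ->", check_reply(REQUEST, GOOD_REPLY, b"other-secret"))
```

When comparing sniffer traces taken on both sides of an intermediate device, the Identifier is the second byte of the RADIUS payload in each packet.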


