Firewall Wizards mailing list archives
Re: Contivity ES1000 and SecurID
From: Jeff_Needle_Pop () BayNetworks COM (Jeff Needle Pop)
Date: Mon, 22 Mar 1999 11:58:49 -0500
03/18/1999 16:53:42 0 Security [11] Radius: verified server "aceserver.ip.address" reply, result: -2, message: Non-matching id in server response. 03/18/1999 16:53:42 0 Security [12] Radius: "aceserver.ip.address" sent invalid response packet for "username". 03/18/1999 16:53:42 0 Security [13] Session: IPSEC[username]:24 authentication failed using RADIUS
This indicates that something happened with the Identifier field in transit. We explicitly check that to make sure the packet is part of the same transaction we think it is. My guess is that someone, probably Micro-Annex XL terminal server, isn't preserving the Identifier field. If you send me a sniffer trace from between the Contivity and the radius server, I'd be happy to have a look and confirm that.
(1) Is anyone successfully using a Contivity box with SecurID authentication? If so, is it necessary to upgrade the aceserver server software to version 3.3?
We've got lots of folks using Contivity with SecurID. Probably the majority. We've tested fairly extensively with Shiva Access Manager, Funk/BSAC, Safeword, and SDI's Radius server. Jeff Needle, VPN Specialist Nortel Networks / Extranet Access ---------------------------------------- Jeff Needle, VPN Specialist jneedle () nortelnetworks com Nortel Networks / Extranet Access 978-635-2036
Current thread:
- Contivity ES1000 and SecurID Kennedy Lemke (Mar 19)
- Re: Contivity ES1000 and SecurID Jeff Needle Pop (Mar 23)