10-04-2011 09:57 AM
I am trying to authenticate admin users using an RSA SecurID server. I have configured the server on the firewall itself, and configured the login procedure to use the RSA server, however when I try to authenticate I get the error:
"Admin user User1 has been rejected via the SecurID server at 0.0.0.0." (User1 can authenticate to other things using our RSA server)
set auth-server "rsa" id 2
set auth-server "rsa" server-name "x.x.x.x"
set auth-server "rsa" account-type admin
set auth-server "rsa" type securid
set auth-server "rsa" securid encr 0
set auth-server "rsa" src-interface "vlan1"
(this is a Layer 2 firewall setup, but I have also tried leaving src-interface blank)
set admin auth server "rsa"
set admin auth remote primary
set admin privilege read-write
This is a testing box, so my policies are ALLOW: ALL for all the zones.
Anyone run into this before?
10-04-2011 08:43 PM
It's been a while since I've configured RSA, but I recall needing a Host Agent which matches the IP of the ScreenOS box. Has that been set up?
10-10-2011 04:43 PM
IIRC the 0.0.0.0 bit means that the agent host is not set up on RSA and it may also mean that the node_secret is off.
Attached is a Word export of a write-up we have on our internal network wiki based on a project that we did with SSG, RSA, and Netscreen-Remote.
PDF export was doing some weird stuff to the formatting so I had to stick with MS Word
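As an added example (not code from this thread or from Juniper), the following triage helper reads `set auth-server` lines like the ones posted above and classifies ScreenOS admin-rejection messages the way the replies describe: a rejection "at 0.0.0.0" means the firewall never reached a configured SecurID server (agent host / node secret problem on the RSA side), while a rejection naming the configured server IP means the server was contacted and rejected the login. The config lines, server IP and log lines are constructed sample data.

```python
import re
from typing import Dict, Optional

# Constructed sample: auth-server config in the thread's format, with a
# placeholder server IP (documentation range, not a real host).
SAMPLE_CONFIG = """
set auth-server "rsa" id 2
set auth-server "rsa" server-name "192.0.2.10"
set auth-server "rsa" account-type admin
set auth-server "rsa" type securid
set admin auth server "rsa"
set admin auth remote primary
"""

# Constructed sample log lines in the format quoted in the original post.
SAMPLE_LOGS = [
    'Admin user User1 has been rejected via the SecurID server at 0.0.0.0.',
    'Admin user User2 has been rejected via the SecurID server at 192.0.2.10.',
]

CONFIG_RE = re.compile(r'^set auth-server "(?P<name>[^"]+)" server-name "(?P<ip>[^"]+)"')
REJECT_RE = re.compile(
    r'Admin user (?P<user>\S+) has been rejected via the SecurID server at (?P<ip>[\d.]+)\.'
)


def configured_servers(config: str) -> Dict[str, str]:
    """Map each auth-server name to its configured server-name IP."""
    servers: Dict[str, str] = {}
    for line in config.splitlines():
        m = CONFIG_RE.match(line.strip())
        if m:
            servers[m.group('name')] = m.group('ip')
    return servers


def diagnose(log_line: str, servers: Dict[str, str]) -> Optional[Dict[str, str]]:
    """Classify one rejection line; returns None for lines that do not match."""
    m = REJECT_RE.search(log_line)
    if not m:
        return None
    ip = m.group('ip')
    if ip == '0.0.0.0':
        # Firewall never talked to a configured server: per the thread, check
        # that the RSA agent host matches the firewall IP and the node secret.
        reason = 'no_agent_host'
    elif ip in servers.values():
        reason = 'rejected_by_server'  # server reached; it refused the login
    else:
        reason = 'unknown_server'      # reply came from an IP not in the config
    return {'user': m.group('user'), 'server': ip, 'reason': reason}


if __name__ == '__main__':
    known = configured_servers(SAMPLE_CONFIG)
    for entry in SAMPLE_LOGS:
        print(diagnose(entry, known))
```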