Have an IP440 passing SecurID auth off to an HA pair of ACE servers; one is based on the firewall's internal interface, one is external.
There is no NATing of addresses, but the firewall is set up to route between two subnets.
The problem is that when a request is sent to the firewall for auth, it won't pass the request to the ACE server on its internal interface; instead it passes the request to the secondary server on the external interface.
The sdconf file has all of the correct server IPs and lists the internal ACE server as the primary.
I have tried to listen on both interfaces for traffic on port 5500 using tcpdump, but there is never any traffic passed to the internal interface, only to the external.
The firewall can ping the internal server; I can see its MAC addr when I netstat.
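A small triage script for the tcpdump step described above, added here as an example (not from the original post): it takes one `tcpdump -n` capture per firewall interface, counts UDP datagrams sent to the ACE port, and reports whether the primary or the secondary server is ever contacted. The interface names, addresses and capture lines are constructed placeholders, not values from this thread.

```python
import re
from collections import Counter

# Constructed sample output of `tcpdump -n -i <iface> udp port 5500`, one
# capture per firewall interface. Addresses and names are placeholders.
CAPTURES = {
    "int_iface": [
        # only an unrelated ICMP echo toward the primary; no UDP/5500 at all
        "12:00:01.000001 IP 10.0.0.1 > 10.0.0.20: ICMP echo request, id 1, seq 1, length 64",
    ],
    "ext_iface": [
        "12:00:01.100000 IP 192.0.2.1.4500 > 192.0.2.30.5500: UDP, length 120",
        "12:00:01.200000 IP 192.0.2.30.5500 > 192.0.2.1.4500: UDP, length 80",
        "12:00:02.100000 IP 192.0.2.1.4500 > 192.0.2.30.5500: UDP, length 120",
    ],
}
ACE_PRIMARY = "10.0.0.20"     # placeholder: internal ACE server listed first in sdconf.rec
ACE_SECONDARY = "192.0.2.30"  # placeholder: external ACE server
ACE_PORT = 5500               # SecurID authentication port

# Matches the "IP src.sport > dst.dport: UDP" part of a tcpdump -n line.
LINE_RE = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): UDP"
)


def count_ace_requests(captures, ace_port=ACE_PORT):
    """Count UDP datagrams sent *to* ace_port, keyed by (interface, dst_ip).

    Replies from the server (source port == ace_port) are ignored so the
    result reflects only the firewall's outbound authentication requests.
    """
    counts = Counter()
    for iface, lines in captures.items():
        for line in lines:
            m = LINE_RE.search(line)
            if m and int(m.group("dport")) == ace_port:
                counts[(iface, m.group("dst"))] += 1
    return counts


def server_reached(counts, server_ip):
    """True if any interface carried at least one request to server_ip."""
    return any(dst == server_ip for (_, dst), n in counts.items() if n > 0)


def triage(captures, primary=ACE_PRIMARY, secondary=ACE_SECONDARY):
    """Summarise which ACE server the firewall is actually talking to."""
    counts = count_ace_requests(captures)
    return {
        "primary_contacted": server_reached(counts, primary),
        "secondary_contacted": server_reached(counts, secondary),
        "requests": dict(counts),
    }


if __name__ == "__main__":
    print(triage(CAPTURES))
```

With the constructed captures the result shows no requests to the primary and two to the secondary, which is the symptom the post describes.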
1) Make sure your ACE Server is functioning properly.
2) Make sure the Firewall is communicating with the ACE Server.
To accomplish step #1, you can test this with a Radius Server. ACE Server does come with a native Radius server. Turn on the Radius server, set up the ruleset to allow proper communication and run a few simple tests. If that is working, then you know there are issues with using the ACE Server sdconf.rec file.
This is exactly the same problem as what I am currently experiencing. When an external user tries to authenticate, no traffic gets through the firewall to the ACE server, which I know it should, and have a source of the internal interface.
I know the client auth is set up correctly and have the correct routes etc., but no joy. When I telnet to localhost on port 259 I can authenticate, but the users can't.