SecurID/RADIUS/TACACS authentication methods are accessed through an External User Profile object (formerly known as the generic* user), which is always checked after the local user database then LDAP, and this order of operations cannot be changed. You have something wrong/misconfigured in your LDAP setup. If you have ruled out that it is a VPN issue then it would be a good idea to check if the issue persist when using the SSL VPN, you will need the Mobile Access for this to work.įinally I have faced some issues of VPN with s2s tunnels and remote access latency due to clamping, you can check sk90200 and sk98074, generally with the kernel parameter is enough. You may need to turn of SecureXL to perform this test correctly. If you go through SSL VPN you still have latency issues?īasically what you want to check by performing a TCPDUMP / FW MONITOR is to check where is the delay:Ĭheck the incoming request and the respective time (i, I, o O) and then check if the reply from the server is delayed or not. Is the RSA Authentication server on the same network as the VPN Firewall? It happened to me a lot of times where a customer blames the VPN or the appliance, but after performing a tcpdump / fw monitor analysis we could verify that the latency was from the server site. First of all it would be a great idea to actually be sure that the issues are generated by the VPN.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |