Hi,

on a  ClusterXL Installation with R81 HF65 we want to use SecureID Authentication with SoftTokens on Mobile-Access / VPN-RAS.

The AM-Server ist setup and a SoftToken-Test from an iPhone is succesful.

We use the UDP-Agent Variant (no Radius).

The Authentication-Agent File sdconf.rec is distributed to both Gateways.

However the Gateways never send one Paket to the AM-Server on Authentication through the VPN-Portal.

The ACE-Server is correctly defined under Servers.

DNS-Resolution is ok from IP to FQDN and vice versa.

The correct Atuhentication Profile is shown in the VPN-Portal.

The LOG-Viewer only says: 

Category: Session
Event Type: Login
Name: Mobile Access Portal
Version: R81
User: xxxxxxxxxx@domain.com
Authentication Method: SecurID
Login Option: New Login Option with Token
Failed Login Factor Number:1
OS Name: Windows
OS Version: 10.0
Browser: Edge Chromium
Re-authentication every:
Login Timestamp: 2022-05-17T10:06:55Z
Source Country: Germany
Source: xxx.xxx.xxx.xxx
Source Port: 59913
IP Protocol: 6
Destination Port: 443
Data Protocol: SSL
Status: Failure
Reason: Unknown user
Suppressed Logs: 0
Mobile Access Session UID: 628373BF-0001-...
Action: Failed Log In
Type: Log
Blade: Mobile Access
Service: TCP/443
Product Family: Access
Marker: @A@@B@1652738400@C@1340235
Log Server Origin: 10.241.0.2
Origin Log Server IP: 10.241.0.2
Index Time: 2022-05-17T10:06:55Z
Lastupdatetime: 1652782015000
Lastupdateseqnum: 28
Severity: Informational
Confidence Level: N/A
Stored: true
OS: Windows 10.0
Login Option Factors: SecurID

The only thing I have not done yet is to do a CPStop/CPStart on the Gateways after defining the SecureID-Server and pushing the Policy.

Is this a mandatory Step? I did not find anything about that.

Thank you

Joachim Brandt