Environment
Novell Access Manager 3.0
Novell Access Manager 3.0 Service Pack 4
Novell Access Manager 3.0 Service Pack 4
Situation
- Novell Access Manager Console (AC) and the Linux Access Gateway (LAG) are not located in the same network
- Running the "/chroot/lag/opt/novell/bin/lagconfigure.sh" does not import any LAG component (AGW, ESP)
- JCC on the LAG logs the following warning messages while running the import process:
Request is not from one of our DeviceWARNING Managers at [10.0.1.42]
Jun 25, 2009 3:55:40 PM com.novell.jcc.servlet.DispatchServlet doGet
INFO: Received GET: /Ex?Version:/cfg/proxy from 192.168.0.1:11105
Jun 25, 2009 3:55:40 PM com.novell.jcc.servlet.DispatchServlet doGet
INFO: Received GET: /Ex?Version:/cfg/proxy from 192.168.0.1:11105
Resolution
The router in the communication path between the AC and the LAG was configured for running dynamic NAT. Therefore any request from the AC in order to launch the import process comes from the source IP address assigned to the routing device (192.168.0.1) instead of the IP address assigned to the AC (10.0.1.42). For security reasons the LAG will not accept such a request and denies to run the import process. Make sure there is not NAT enabled device in the communication path between any Novell Access Manager device and the AC