RSA secure 'next tokencode' not working with VPN client/PIX/TACACS

Unanswered Question
Jan 28th, 2008
User Badges:

Hi, I have implemented RSA secure ID with our remote access setup and I cannot get the VPN client to prompt for next tokencode. It always prompts for username/password so the user doesnt know they are in next token mode. We are using vpn client 4.8/pix 7.2 (3)/Cisco secure ACS ver4.0/RSA Auth manager 6.1. Can anyone offer any advice ?

Many thanks


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
cisco24x7 Mon, 01/28/2008 - 08:36
User Badges:
  • Silver, 250 points or more

I have the same setup and it works fine for

me. I use ACS version 3.2 on Win2k3 and

RSA 6.1 on Linux. I configure the ACS for

External user authentication for remote access

VPN and also for managing cisco devices.

Users connect to the Cisco Pix 8.0(2) and

the authentication is checked by the ACS.

ACS then proxies off that authentication to

a RSA SecurID Server. next token code does work

here is an sample:

Username: test3


Enter your new PIN, containing 4 to 8 digits,


to cancel the New PIN procedure:

Please re-enter new PIN:

Wait for the code on your card to change, then log in with the new PIN



CCIE Security

nickyh_is Tue, 01/29/2008 - 00:23
User Badges:

Hi thanks for your reply and your example. When I telnet to my pix I dont get the new pin prompt, the VPN client 4.8 does though which is weird ? What version of vpn client are you using ?



cisco24x7 Tue, 01/29/2008 - 02:54
User Badges:
  • Silver, 250 points or more

I use vpn client version 4.8


This Discussion