RSA secure 'next tokencode' not working with VPN client/PIX/TACACS

nickyh_is · ‎01-28-2008

Hi, I have implemented RSA secure ID with our remote access setup and I cannot get the VPN client to prompt for next tokencode. It always prompts for username/password so the user doesnt know they are in next token mode. We are using vpn client 4.8/pix 7.2 (3)/Cisco secure ACS ver4.0/RSA Auth manager 6.1. Can anyone offer any advice ?

Many thanks

Nicky

cisco24x7 · ‎01-28-2008

I have the same setup and it works fine for

me. I use ACS version 3.2 on Win2k3 and

RSA 6.1 on Linux. I configure the ACS for

External user authentication for remote access

VPN and also for managing cisco devices.

Users connect to the Cisco Pix 8.0(2) and

the authentication is checked by the ACS.

ACS then proxies off that authentication to

a RSA SecurID Server. next token code does work

here is an sample:

Username: test3

Password:

Enter your new PIN, containing 4 to 8 digits,

or

to cancel the New PIN procedure:

Please re-enter new PIN:

Wait for the code on your card to change, then log in with the new PIN

Enter PASSCODE:

C2960#

CCIE Security

nickyh_is · ‎01-29-2008

Hi thanks for your reply and your example. When I telnet to my pix I dont get the new pin prompt, the VPN client 4.8 does though which is weird ? What version of vpn client are you using ?

thanks

Nicky

cisco24x7 · ‎01-29-2008

I use vpn client version 4.8