ACS 4.2 + RSA for VPN - needs 2 logins

Unanswered Question
Feb 4th, 2009

We have an issue at the moment with ACS and RSA for authenticating VPN. Quite often we require 2 authentications before a connection can be established. In the ACS logs it shows the first authentication as failed (although RSA passes both) with an error "External DB reports about an error condition".

drolemc Tue, 02/10/2009 - 12:55

You are hitting bug CSCsq93877. LDAP bind fails first time with clients using RSA token. VPN client with RSA tokens. VPN client logs in on ASA. ASA is connected with RADIUS to ACS. ACS sends authentication request to RSA Authentication Manager. If authentication is OK, ACS looks up the user name with LDAP in AD 2003. All works fine except for one thing: the first time, the user has to authenticate 2 times. Authentication against RSA is OK. LDAP mapping doesn't work. ACS server gives error: External DB reports about an error condition.


franklinb Tue, 02/10/2009 - 14:54

Thanks drolemc, that seems to match our problem exactly (although we're using VPN concentrator appliances rather than ASA). Do you know if there's a fix for this bug? I can't seem to find anything googling for "CSCsq93877". Cheers

franklinb Tue, 02/10/2009 - 15:22

Sorry should have marked your reply more helpful - I managed to find that bug ID by logging in and using the tools. Update 4.2.0.124.8 apparently fixes that bug.
