Config for IOS based VPN- 4.x client using RSA SecurID Xauth ?

PNTECH · ‎09-11-2003

Hello,

Does anyone have a working sample IOS router config for VPN 4.x client access using RSA SecurID ?

During authentication, the 4.x client simply hangs when it is supposed to prompt for change user pin. In the RSA log it shows a successful initial user authentication, and change user pin req'd. Thats it. On the client side it just hangs until the session times out. If I manually assign the pin at the RSA server to get the account past new pin mode, the subsequent authentications work fine.

These are my RADIUS related config lines I am using in the router:

aaa authentication login RSA group radius local

aaa authorization network remgroup local

aaa session-id common

crypto map FID_VPN client authentication list RSA

crypto map FID_VPN isakmp authorization list remgroup

RSA authentication works fine. Its just new pin mode and next token mode that freeze it up.

Any Thoughts ??

jsivulka · ‎09-17-2003

I couldn't find exactly what you are looking for. However, a document that comes close is Configuring Cisco VPN Client 3.x for Windows to IOS Using Local Extended Authentication (http://www.cisco.com/warp/public/471/ios-unity.html)

PNTECH · ‎09-17-2003

thanks, I appreciate your help. Apparently the problem is only with the RSA server trying to send the New Pin Mode or Next Token Mode prompts. Users can sucessfully authenticate to the RSA server, however, if their key fob is in either of those two modes, it accepts the login, but then it just hangs when its supposed to display the additional prompts. I really can't tell at this point if its a problem on the Cisco end or the RSA end. The IOS ver is 12.2(8)T5 and the client is 4.0.2(B) Maybe its a s/w bug ? I am fairly familiar with the RSA ace server and have never had problems connecting it to a PIX, but this is the first router-RSA install I have done.

Anyone's ideas would be most appreciated ..