Cisco Support Community

New Member

ACS 4.2 + RSA for VPN - needs 2 logins

We have an issue at the moment with ACS and RSA for authenticating VPN. Quite often we require 2 authentications before a connection can be established. In the ACS logs it shows the first authentication as failed (although RSA passes both) with an error "External DB reports about an error condition".

3 REPLIES
Silver

Re: ACS 4.2 + RSA for VPN - needs 2 logins

You are hitting bug CSCsq93877. LDAP bind fails first time with clients using RSA token. VPN client with RSA tokens. VPN client logs in on ASA. ASA is connected with RADIUS to ACS. ACS sends authentication request to RSA Authentication Manager. If authentication is OK, ACS looks up the user name with LDAP in AD 2003. All works fine except for one thing: the first time, the user has to authenticate 2 times. Authentication against RSA is OK. LDAP mapping doesn't work. ACS server gives error: External DB reports about an error condition.

New Member

Re: ACS 4.2 + RSA for VPN - needs 2 logins

Thanks drolemc, that seems to match our problem exactly (although we're using VPN concentrator appliances rather than ASA). Do you know if there's a fix for this bug? I can't seem to find anything googling for "CSCsq93877". Cheers

New Member

Re: ACS 4.2 + RSA for VPN - needs 2 logins

Sorry, should have marked your reply more helpful - I managed to find that bug ID by logging in and using the tools. Update 4.2.0.124.8 apparently fixes that bug.
