Cisco ACS with RSA ACE (Callback)

schimekh · ‎09-23-2002

Hi !

I am using a Cisco ACS box combined with RSA ACE. Authentification is successful for the first time. But the router issues a callback and wants to authenticate twice. On the second attempt the tokencode is no longer valid - and callback is not successful because of the failure : RE-USE ATTACK

on the RSA ACE Server.

Why do I need a second authentification ? The call is successfully authenticated on the first time - why is there a second authentication needed ?

Thx Hans

lisa.hall · ‎09-27-2002

You may need to configure Token Caching as shown here:

http://www.cisco.com/warp/public/129/25.html

http://www.cisco.com/warp/public/129/26.html#intro

You may also want to ask your RSA people if a similar feature is avalable in the ACE Server.

guy.alexander · ‎01-06-2003

we are having the same problem you are describing .I see that your case is from september, did you solve it and how

thanks

guy

vsanavia · ‎01-13-2003

Hi,

You have to instruct the router to only authenticate on dialin and not on dialout with the following command:

ppp authentication pap callin

Also, you have to mak e sure that you use PAP (instead of the default CHAP) when authenticating with RSA tokens. Hope this helps,

Regards,

VS