Config for IOS based VPN- 4.x client using RSA SecurID Xauth ?
Does anyone have a working sample IOS router config for VPN 4.x client access using RSA SecurID ?
During authentication, the 4.x client simply hangs when it is supposed to prompt for change user pin. In the RSA log it shows a successful initial user authentication, and change user pin req'd. Thats it. On the client side it just hangs until the session times out. If I manually assign the pin at the RSA server to get the account past new pin mode, the subsequent authentications work fine.
These are my RADIUS related config lines I am using in the router:
aaa authentication login RSA group radius local
aaa authorization network remgroup local
aaa session-id common
crypto map FID_VPN client authentication list RSA
crypto map FID_VPN isakmp authorization list remgroup
RSA authentication works fine. Its just new pin mode and next token mode that freeze it up.
Re: Config for IOS based VPN- 4.x client using RSA SecurID Xauth
thanks, I appreciate your help. Apparently the problem is only with the RSA server trying to send the New Pin Mode or Next Token Mode prompts. Users can sucessfully authenticate to the RSA server, however, if their key fob is in either of those two modes, it accepts the login, but then it just hangs when its supposed to display the additional prompts. I really can't tell at this point if its a problem on the Cisco end or the RSA end. The IOS ver is 12.2(8)T5 and the client is 4.0.2(B) Maybe its a s/w bug ? I am fairly familiar with the RSA ace server and have never had problems connecting it to a PIX, but this is the first router-RSA install I have done.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :