Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

NEW PIN mode fails after migrating to new ACS version

Old setup.

CiscoSecure ACS v3.x

Windows server also has the RSA/ACE agent that queries a second server for SecurID authentication

C3745 and a PIX used for inbound remote access

Users access w/Cisco Systems VPN Client

Works great

New setup.

CiscoSecure ACS v4.0, running on a different Windows server

Slightly newer version of the RSA/ACE agent

Same C3745 and PIX

Same use4rs, same client.

Works great as long as the SecurID card is not in NEW PIN mode

If the card is in NEW PIN mode, the Cisco Systems VPN client of course prompts if the users wants to create a new pin. The answer is ?y? or ?n.? The client is then supposed to prompt for the PIN and then prompt a second time for the PIN. This never happens. Instead, w/in three seconds of the user saying ?y?, CSACS fails the user and the client terminates the connection.

Help!

Thanks,

Shane

1 ACCEPTED SOLUTION

Accepted Solutions
Silver

Re: NEW PIN mode fails after migrating to new ACS version

Hi

You may want to ping the Cisco TAC. I remember there were loads of issues with RSA authentication that may have been fixed after 4.0 shipped.

If you run csauth from the command line:

csauth -z -p

you'll see a whole load of debug.. look for "[Securid" to see all related messages.

Darran

2 REPLIES
Silver

Re: NEW PIN mode fails after migrating to new ACS version

Hi

You may want to ping the Cisco TAC. I remember there were loads of issues with RSA authentication that may have been fixed after 4.0 shipped.

If you run csauth from the command line:

csauth -z -p

you'll see a whole load of debug.. look for "[Securid" to see all related messages.

Darran

New Member

Re: NEW PIN mode fails after migrating to new ACS version

It runs out there is a bug in 4.0(1)B27 for this. The TAC was able to supply me with a patched version of CSAuth.exe. All fixed now. =)

145
Views
0
Helpful
2
Replies
CreatePlease to create content