01-16-2007 05:05 PM - edited 03-10-2019 02:55 PM
Old setup.
CiscoSecure ACS v3.x
Windows server also has the RSA/ACE agent that queries a second server for SecurID authentication
C3745 and a PIX used for inbound remote access
Users access w/Cisco Systems VPN Client
Works great
New setup.
CiscoSecure ACS v4.0, running on a different Windows server
Slightly newer version of the RSA/ACE agent
Same C3745 and PIX
Same users, same client.
Works great as long as the SecurID card is not in NEW PIN mode
If the card is in NEW PIN mode, the Cisco Systems VPN client of course prompts if the user wants to create a new pin. The answer is "y" or "n." The client is then supposed to prompt for the PIN and then prompt a second time for the PIN. This never happens. Instead, w/in three seconds of the user saying "y", CSACS fails the user and the client terminates the connection.
Help!
Thanks,
Shane
01-17-2007 04:53 AM
Hi
You may want to ping the Cisco TAC. I remember there were loads of issues with RSA authentication that may have been fixed after 4.0 shipped.
If you run csauth from the command line:
csauth -z -p
you'll see a whole load of debug.. look for "[Securid" to see all related messages.
Darran
01-17-2007 12:32 PM
It turns out there is a bug in 4.0(1)B27 for this. The TAC was able to supply me with a patched version of CSAuth.exe. All fixed now. =)