Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Problems with callback and SecureID

Users can call to my 3640 and, after it authenticates them with AAA RADIUS, it makes a callback and it works fine. I need to authenticate the users with RADIUS and SecureID. The initial authentication works fine, but when the router calls back the koken has changed and the user is invalid...

I already have configured this in the asyn group:

ppp authentication pap callin

but the router still tries to authenticate the call out .

I see many people has this problem,,,, is any solution???

I use analog lines and this is the sh version:

Cisco Internetwork Operating System Software

IOS (tm) C2600 Software (C2600-IK2S-M), Version 12.1(1)T, RELEASE SOFTWARE (fc1)

Copyright (c) 1986-2000 by cisco Systems, Inc.

Compiled Fri 17-Mar-00 06:43 by ccai

Image text-base: 0x80008088, data-base: 0x80E4CC38

ROM: System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)

RPCA_MT_202 uptime is 56 minutes

System returned to ROM by reload

System image file is "flash:c2600-ik2s-mz.121-1.T.r.bin"

cisco 2620 (MPC860) processor (revision 0x102) with 36864K/4096K bytes of memory.

Processor board ID JAD044201NR (4069313368)

M860 processor: part number 0, mask 49

Bridging software.

X.25 software, Version 3.0.0.

1 FastEthernet/IEEE 802.3 interface(s)

2 Serial(sync/async) network interface(s)

8 terminal line(s)

32K bytes of non-volatile configuration memory.

8192K bytes of processor board System flash (Read/Write)

Configuration register is 0x2102

Thanks....

2 REPLIES
Cisco Employee

Re: Problems with callback and SecureID

Sounds like you need to enable token-caching on the ACS server, this way it'll keep track of the old tokens for a defined period of time and automatically authenticate the callback. This is also used with ISDN/multilink calls for bringing up the second channel a short time after the first.

Under the Group settings on ACS, there's a section for Token Card's. Select Duration and say, 2 minutes and see how that goes. You may need to play with the time depending on your setup.

More information on token caching is available in the online docs.

New Member

Re: Problems with callback and SecureID

Thanks, it worked fine.....!!

169
Views
0
Helpful
2
Replies
CreatePlease login to create content