Problems with callback and SecureID

csanoja
Level 1

Users can call my 3640 and, after it authenticates them with AAA RADIUS, it makes a callback and it works fine. I need to authenticate the users with RADIUS and SecureID. The initial authentication works fine, but when the router calls back the token has changed and the user is invalid...

I have already configured this in the async group:

ppp authentication pap callin

but the router still tries to authenticate the call out.

I see many people have this problem... is there any solution?

I use analog lines and this is the sh version:

Cisco Internetwork Operating System Software

IOS (tm) C2600 Software (C2600-IK2S-M), Version 12.1(1)T, RELEASE SOFTWARE (fc1)

Copyright (c) 1986-2000 by cisco Systems, Inc.

Compiled Fri 17-Mar-00 06:43 by ccai

Image text-base: 0x80008088, data-base: 0x80E4CC38

ROM: System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)

RPCA_MT_202 uptime is 56 minutes

System returned to ROM by reload

System image file is "flash:c2600-ik2s-mz.121-1.T.r.bin"

cisco 2620 (MPC860) processor (revision 0x102) with 36864K/4096K bytes of memory.

Processor board ID JAD044201NR (4069313368)

M860 processor: part number 0, mask 49

Bridging software.

X.25 software, Version 3.0.0.

1 FastEthernet/IEEE 802.3 interface(s)

2 Serial(sync/async) network interface(s)

8 terminal line(s)

32K bytes of non-volatile configuration memory.

8192K bytes of processor board System flash (Read/Write)

Configuration register is 0x2102

Thanks....


gfullage
Cisco Employee

Sounds like you need to enable token caching on the ACS server. This way it'll keep track of the old tokens for a defined period of time and automatically authenticate the callback. This is also used with ISDN/multilink calls for bringing up the second channel a short time after the first.

Under the Group settings on ACS, there's a section for Token Cards. Select Duration and set it to, say, 2 minutes and see how that goes. You may need to play with the time depending on your setup.

More information on token caching is available in the online docs.

Thanks, it worked fine.....!!
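
A small model of the token caching described in the reply above, added here as an illustration (it is not code from the thread or from Cisco ACS). The token server, the 60-second code interval, the user name and all class and function names are assumptions; it shows why the callback's second authentication is rejected without a cache and accepted inside the configured duration.

```python
import hashlib
import hmac

STEP = 60  # seconds each token code stays current (assumed for this model)

def token_code(secret: bytes, now: int) -> str:
    """Stand-in for a hardware token: a 6-digit code that changes every STEP seconds."""
    mac = hmac.new(secret, str(now // STEP).encode(), hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 1_000_000:06d}"

class TokenServer:
    """Hypothetical token server: accepts only the current code, and each code once."""
    def __init__(self, secrets):
        self.secrets = secrets
        self.used = set()

    def check(self, user, code, now):
        secret = self.secrets.get(user)
        if secret is None or (user, code) in self.used:
            return False
        if not hmac.compare_digest(code, token_code(secret, now)):
            return False
        self.used.add((user, code))
        return True

class CachingAAA:
    """Hypothetical AAA front end that remembers an accepted code for cache_seconds."""
    def __init__(self, server, cache_seconds):
        self.server = server
        self.cache_seconds = cache_seconds
        self.cache = {}  # user -> (sha256 of accepted code, expiry time)

    def authenticate(self, user, code, now):
        digest = hashlib.sha256(code.encode()).digest()
        cached = self.cache.get(user)
        if cached and now < cached[1] and hmac.compare_digest(digest, cached[0]):
            return "accept-cached"
        self.cache.pop(user, None)  # drop an expired or non-matching entry
        if self.server.check(user, code, now):
            if self.cache_seconds > 0:
                self.cache[user] = (digest, now + self.cache_seconds)
            return "accept-token"
        return "reject"

def dial_in_then_callback(cache_seconds, callback_delay):
    """Initial call at t=10, then the callback re-authenticates with the same code."""
    secrets = {"dialuser": b"constructed-seed"}  # constructed sample user and seed
    aaa = CachingAAA(TokenServer(secrets), cache_seconds)
    code = token_code(secrets["dialuser"], 10)
    first = aaa.authenticate("dialuser", code, 10)
    return first, aaa.authenticate("dialuser", code, 10 + callback_delay)
```

The cache duration is also the period in which a passcode that was already used is accepted again, so it is worth keeping it as short as the callback needs.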