We are using the Cisco AnyConnect Secure mobility client 3.0.1047 with our ASA 5510's. Under Windows 7 we have SBL enabled using SecurID software tokens. When prompted to enter our PIN we receive 'login failed' every time. If I login without using SBL and then pull up the client to log in via VPN it works fine. I'm not sure why this is happening. We tested SBL with hardware tokens and it works fine, but we have ony a few users with hardware tokens and cannot use this as a preferred method.
The RSA Software Token software had to be configured to use single database mode. This is not the default setting and it is required in order to access software tokens prior to login. After we fixed that it worked. You can find the command line options for this in the RSA SecurID Software Token 4.1 Administrator's guide.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...