Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

VPN Client with Certifcate stored on Gemplus Smart Card System

Hello to everybody

I have an installation in which I am using a VPN Client to establish VPN Tunnel towards a VPN Concentrator with certificates stored on a Gemplus Smart Card System.

VPN Client is 4.0.3F

VPN Concentrator is 4.0.1

Unfortunately I observe a strange behaviour, and I would like to know if there is a workaround.

The first time the user opens a new tunnel, the VPN Client rquires the user to insert the PIN for the smart card. If the Idle Timeout is set to a certain value, after the idle timeout expires the tunnel is obviously deleted.

At this point the strange behaviour occurs. If the user opens a new IPSEC tunnel, the VPN client connects directly to the concentrator without requiring the insertion of the PIN for the smart card. And this is true far all the subsequent tunnels.

The same behaviour occurs also if the user manually disconnects the tunnel and subsequently tries to reconnect.

The only way to require the request of the PIN for every subsequent new IPSEC tunnel establishment is to unplug and plug again the smart card, or also to stop and start the Cisco VPN Service (in the latter case is not necessary to unplug the smart card).

If any of these operations is performed, when the user opens a new tunnel he must insert the smart card PIN in order to establish the tunnel.

Definitively it looks like the Cisco VPN Client caches in some way the PIN.

Unfortunately I found no option neither in the GUI nor in the configuration files in order to disable this behaviour.

My question is: does any of you know a method in order to change this behavoiur and make the VPN client requires the PIN at every tunnel establishment ?

Thank you for your attention




Re: VPN Client with Certifcate stored on Gemplus Smart Card Syst