VPN Client with Certificate stored on Gemplus Smart Card System
Hello to everybody
I have an installation in which I am using a VPN Client to establish VPN Tunnel towards a VPN Concentrator with certificates stored on a Gemplus Smart Card System.
VPN Client is 4.0.3F
VPN Concentrator is 4.0.1
Unfortunately I observe a strange behaviour, and I would like to know if there is a workaround.
The first time the user opens a new tunnel, the VPN Client requires the user to insert the PIN for the smart card. If the Idle Timeout is set to a certain value, after the idle timeout expires the tunnel is obviously deleted.
At this point the strange behaviour occurs. If the user opens a new IPSEC tunnel, the VPN client connects directly to the concentrator without requiring the insertion of the PIN for the smart card. And this is true for all the subsequent tunnels.
The same behaviour occurs also if the user manually disconnects the tunnel and subsequently tries to reconnect.
The only way to require the request of the PIN for every subsequent new IPSEC tunnel establishment is to unplug and plug again the smart card, or also to stop and start the Cisco VPN Service (in the latter case it is not necessary to unplug the smart card).
If any of these operations is performed, when the user opens a new tunnel he must insert the smart card PIN in order to establish the tunnel.
Definitely it looks like the Cisco VPN Client caches in some way the PIN.
Unfortunately I found no option neither in the GUI nor in the configuration files in order to disable this behaviour.
My question is: does any of you know a method in order to change this behaviour and make the VPN client require the PIN at every tunnel establishment?