[c-nsp] SecurID (NEW PIN MODE) vs Cisco VPN client

BoXeR piestaga at aster.pl
Thu Feb 24 08:52:47 EST 2005


Hi,

I have configured the remote access environment, where the user accesses the 
VPN network using the Cisco VPN client with SecurID authentication.

I do not know what the reason is, but when I set the user's token to New PIN 
mode it does not work.

I see that RADIUS sends that request to the IPSec aggregator (which is an IOS 
router in my case):


Authentication Response
Packet : Code = 0xb ID = 0x2c
Vector =
000: 3297f98a 8427cdd8 19dfa4f7 bd4749de |2....'.......GI.|
Prompt : Integer Value = 0
Reply-Message : Value =
000: 0d0a2020 20456e74 65722079 6f757220 |..   Enter your |
010: 6e657720 50494e2c 20636f6e 7461696e |new PIN, contain|
020: 696e6720 3620746f 20382064 69676974 |ing 6 to 8 digit|
030: 732c0d0a 20202020 20202020 20202020 |s,..            |
040: 20202020 6f720d0a 2020203c 4374726c |    or..   <Ctrl|
050: 2d443e20 746f2063 616e6365 6c207468 |-D> to cancel th|
060: 65204e65 77205049 4e207072 6f636564 |e New PIN proced|
070: 7572653a 20                         |ure:            |
State : String Value = SBR-CH 14|1

and the router receives that request but nothing else happens.

Received from id 1645/44 195.114.173.28:1645, Access-Challenge, len 160
 authenticator 32 97 F9 8A 84 27 CD D8 - 19 DF A4 F7 BD 47 49 DE
Prompt              [76]  6   No-Echo                   [0]
Reply-Message       [18]  120
0D 0A 20 20 20 45 6E 74 65 72 20 79 6F 75 72 20  [??   Enter your ]
6E 65 77 20 50 49 4E 2C 20 63 6F 6E 74 61 69 6E  [new PIN, contain]
69 6E 67 20 36 20 74 6F 20 38 20 64 69 67 69 74  [ing 6 to 8 digit]
73 2C 0D 0A 20 20 20 20 20 20 20 20 20 20 20 20  [s,??            ]
20 20 20 20 6F 72 0D 0A 20 20 20 3C 43 74 72 6C  [    or??   <Ctrl]
2D 44 3E 20 74 6F 20 63 61 6E 63 65 6C 20 74 68  [-D> to cancel th]
65 20 4E 65 77 20 50 49 4E 20 70 72 6F 63 65 64  [e New PIN proced]
75 72 65 3A 20 00                                [ure: ?]
State               [24]  14
53 42 52 2D 43 48 20 31 34 7C 31 00              [SBR-CH 14|1?]


The Cisco VPN client (4.6) is not asking the user for the PIN, the re-entered 
PIN and finally the whole PASSCODE.
And the whole authentication process fails :-(

Do you have any idea what can be the reason for that?
__________________________
Before sending an answer, please remove the appropriate string from my address.
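
The Access-Challenge shown in the debug output above, decoded field by field. This is an added example, not part of the original post and not Cisco or RSA code; the packet is constructed from the values visible in the dumps, and the function names are hypothetical.

```python
import struct

CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject",
         11: "Access-Challenge"}                    # RFC 2865
REPLY_MESSAGE, STATE, PROMPT = 18, 24, 76           # RFC 2865 / RFC 2869

def attr(atype, value):
    return bytes([atype, len(value) + 2]) + value

def build_sample():
    """Constructed packet that mirrors the fields in the post's debug output."""
    msg = (b"\r\n   Enter your new PIN, containing 6 to 8 digits,\r\n"
           + b" " * 16 + b"or\r\n   <Ctrl-D> to cancel the New PIN procedure: \x00")
    body = (attr(PROMPT, struct.pack("!I", 0)) + attr(REPLY_MESSAGE, msg)
            + attr(STATE, b"SBR-CH 14|1\x00"))
    auth = bytes.fromhex("3297f98a8427cdd819dfa4f7bd4749de")
    return struct.pack("!BBH", 11, 0x2C, 20 + len(body)) + auth + body

def parse(pkt):
    """Split a RADIUS packet into header fields and (type, value) attributes."""
    if len(pkt) < 20:
        raise ValueError("shorter than the RADIUS header")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length != len(pkt):
        raise ValueError("length field does not match packet size")
    attrs, off = [], 20
    while off < length:
        if off + 2 > length or pkt[off + 1] < 2 or off + pkt[off + 1] > length:
            raise ValueError("malformed attribute at offset %d" % off)
        attrs.append((pkt[off], pkt[off + 2:off + pkt[off + 1]]))
        off += pkt[off + 1]
    return code, ident, attrs

def challenge_summary(pkt):
    """Extract what a NAS/client needs from an Access-Challenge to continue."""
    code, ident, attrs = parse(pkt)
    if CODES.get(code) != "Access-Challenge":
        raise ValueError("not an Access-Challenge")
    first = lambda t: next((v for a, v in attrs if a == t), None)
    prompt = first(PROMPT)
    return {
        "id": ident,
        "prompt": (first(REPLY_MESSAGE) or b"").rstrip(b"\x00").decode("ascii"),
        # Prompt value 1 = Echo, 0 = No-Echo (RFC 2869)
        "echo_input": bool(prompt and len(prompt) == 4
                           and struct.unpack("!I", prompt)[0] == 1),
        # RFC 2865: State is returned unmodified in the next Access-Request
        "state_to_echo": first(STATE),
    }

if __name__ == "__main__":
    print(challenge_summary(build_sample()))
```

The constructed packet comes out at 160 bytes, matching the "len 160" in the router's debug line.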