[c-nsp] SecurID (NEW PIN MODE) vs Cisco VPN client

BoXeR piestaga at aster.pl
Fri Feb 25 02:16:39 EST 2005


Hi,

I am using 12.3(11)T2 .
Acc. to Cisco bug navig, the first fixed-in ver. is 12.3(11) T3 what means 
really the latest one.

Am i right ?

----- Original Message ----- 
From: "Dennis Peng" <dpeng at cisco.com>
To: "BoXeR" <piestagaF at LL-oFFaster.pl>
Cc: <cisco-nsp at puck.nether.net>
Sent: Friday, February 25, 2005 1:55 AM
Subject: Re: [c-nsp] SecurID (NEW PIN MODE) vs Cisco VPN client


> What version of IOS are you using? This was only recently
> fixed. CSCef07048.
>
> Dennis
>
> BoXeR [piestaga at aster.pl] wrote:
>> Hi,
>>
>> I have configured the remote access environment, where the user access 
>> the
>> VPN network using Cisco PN client with SecurID authentication.
>>
>> I do not know what is the reason, but when I set the user's token in New 
>> PIN
>> mode it does not work.
>>
>> I see the Radius sends that request to IPSec aggregator (which is IOS 
>> router
>> in my case)
>>
>>
>> Authentication Response
>> Packet : Code = 0xb ID = 0x2c
>> Vector =
>> 000: 3297f98a 8427cdd8 19dfa4f7 bd4749de |2....'.......GI.|
>> Prompt : Integer Value = 0
>> Reply-Message : Value =
>> 000: 0d0a2020 20456e74 65722079 6f757220 |..   Enter your |
>> 010: 6e657720 50494e2c 20636f6e 7461696e |new PIN, contain|
>> 020: 696e6720 3620746f 20382064 69676974 |ing 6 to 8 digit|
>> 030: 732c0d0a 20202020 20202020 20202020 |s,..            |
>> 040: 20202020 6f720d0a 2020203c 4374726c |    or..   <Ctrl|
>> 050: 2d443e20 746f2063 616e6365 6c207468 |-D> to cancel th|
>> 060: 65204e65 77205049 4e207072 6f636564 |e New PIN proced|
>> 070: 7572653a 20                         |ure:            |
>> State : String Value = SBR-CH 14|1
>>
>> and the router receives that request bot nothing else happens.
>>
>> Received from id 1645/44 195.114.173.28:1645, Access-Challenge, len 160
>>  authenticator 32 97 F9 8A 84 27 CD D8 - 19 DF A4 F7 BD 47 49 DE
>> Prompt              [76]  6   No-Echo                   [0]
>> Reply-Message       [18]  120
>> 0D 0A 20 20 20 45 6E 74 65 72 20 79 6F 75 72 20  [??   Enter your ]
>> 6E 65 77 20 50 49 4E 2C 20 63 6F 6E 74 61 69 6E  [new PIN, contain]
>> 69 6E 67 20 36 20 74 6F 20 38 20 64 69 67 69 74  [ing 6 to 8 digit]
>> 73 2C 0D 0A 20 20 20 20 20 20 20 20 20 20 20 20  [s,??            ]
>> 20 20 20 20 6F 72 0D 0A 20 20 20 3C 43 74 72 6C  [    or??   <Ctrl]
>> 2D 44 3E 20 74 6F 20 63 61 6E 63 65 6C 20 74 68  [-D> to cancel th]
>> 65 20 4E 65 77 20 50 49 4E 20 70 72 6F 63 65 64  [e New PIN proced]
>> 75 72 65 3A 20 00                                [ure: ?]
>> State               [24]  14
>> 53 42 52 2D 43 48 20 31 34 7C 31 00              [SBR-CH 14|1?]
>>
>>
>> The  Cisco VPN client (4.6) is not requesting the user for PIN, rePIN and
>> finally the whole PASSCODE.
>> And the whole authentication proccess fails :-(
>>
>> Do you have any ide what can be the reason of that ?
>> __________________________
>> Before sending an answer, please remove apropriate string from my 
>> address.
>> Usu? odpowiedni string z mojego adresu przed wys?aniem odpowiedzi.
>>
>> _______________________________________________
>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/ 



More information about the cisco-nsp mailing list