[c-nsp] SecurID (NEW PIN MODE) vs Cisco VPN client

BoXeR piestaga at aster.pl
Fri Feb 25 13:00:34 EST 2005


Hi again,

I have just upgraded the router to 12.3(11)T3 and it is still not working.
Actually nothing has changed.
I can still see the message sent from radius to router, but the CISCO VPN 
Client does nothing with that.

Can somebody confirm that this bug was really repaired?
Regards
Sebastian



----- Original Message ----- 
From: "Oliver Boehmer (oboehmer)" <oboehmer at cisco.com>
To: "BoXeR" <piestagaF at LL-oFFaster.pl>; "Dennis Peng (dpeng)" 
<dpeng at cisco.com>
Cc: <cisco-nsp at puck.nether.net>
Sent: Friday, February 25, 2005 8:30 AM
Subject: RE: [c-nsp] SecurID (NEW PIN MODE) vs Cisco VPN client


>
>>
>> I am using 12.3(11)T2.
>> Acc. to Cisco bug navig, the first fixed-in ver. is 12.3(11)T3, which
>> really means the latest one.
>>
>> Am I right?
>
> yes and no, 12.3(8)T6 also has the fix, so unless you need some specific
> 12.3(11)T features, you could also downgrade to 12.3(8)T6..
>
> oli
>
>
>> ----- Original Message -----
>> From: "Dennis Peng" <dpeng at cisco.com>
>> To: "BoXeR" <piestagaF at LL-oFFaster.pl>
>> Cc: <cisco-nsp at puck.nether.net>
>> Sent: Friday, February 25, 2005 1:55 AM
>> Subject: Re: [c-nsp] SecurID (NEW PIN MODE) vs Cisco VPN client
>>
>>
>>> What version of IOS are you using? This was only recently fixed.
>>> CSCef07048.
>>>
>>> Dennis
>>>
>>> BoXeR [piestaga at aster.pl] wrote:
>>>> Hi,
>>>>
>>>> I have configured the remote access environment, where the user
>>>> accesses the VPN network using the Cisco VPN client with SecurID
>>>> authentication.
>>>>
>>>> I do not know what the reason is, but when I set the user's token
>>>> in New PIN mode it does not work.
>>>>
>>>> I see the Radius sends that request to the IPSec aggregator (which is
>>>> an IOS router in my case)
>>>>
>>>>
>>>> Authentication Response
>>>> Packet : Code = 0xb ID = 0x2c
>>>> Vector =
>>>> 000: 3297f98a 8427cdd8 19dfa4f7 bd4749de |2....'.......GI.|
>>>> Prompt : Integer Value = 0
>>>> Reply-Message : Value =
>>>> 000: 0d0a2020 20456e74 65722079 6f757220 |..   Enter your |
>>>> 010: 6e657720 50494e2c 20636f6e 7461696e |new PIN, contain|
>>>> 020: 696e6720 3620746f 20382064 69676974 |ing 6 to 8 digit|
>>>> 030: 732c0d0a 20202020 20202020 20202020 |s,..            |
>>>> 040: 20202020 6f720d0a 2020203c 4374726c |    or..   <Ctrl|
>>>> 050: 2d443e20 746f2063 616e6365 6c207468 |-D> to cancel th|
>>>> 060: 65204e65 77205049 4e207072 6f636564 |e New PIN proced|
>>>> 070: 7572653a 20                         |ure:            |
>>>> State : String Value = SBR-CH 14|1
>>>>
>>>> and the router receives that request but nothing else happens.
>>>>
>>>> Received from id 1645/44 195.114.173.28:1645, Access-Challenge, len 160
>>>>  authenticator 32 97 F9 8A 84 27 CD D8 - 19 DF A4 F7 BD 47 49 DE
>>>>  Prompt              [76]  6   No-Echo                   [0]
>>>>  Reply-Message       [18]  120
>>>>    0D 0A 20 20 20 45 6E 74 65 72 20 79 6F 75 72 20  [??   Enter your ]
>>>>    6E 65 77 20 50 49 4E 2C 20 63 6F 6E 74 61 69 6E  [new PIN, contain]
>>>>    69 6E 67 20 36 20 74 6F 20 38 20 64 69 67 69 74  [ing 6 to 8 digit]
>>>>    73 2C 0D 0A 20 20 20 20 20 20 20 20 20 20 20 20  [s,??            ]
>>>>    20 20 20 20 6F 72 0D 0A 20 20 20 3C 43 74 72 6C  [    or??   <Ctrl]
>>>>    2D 44 3E 20 74 6F 20 63 61 6E 63 65 6C 20 74 68  [-D> to cancel th]
>>>>    65 20 4E 65 77 20 50 49 4E 20 70 72 6F 63 65 64  [e New PIN proced]
>>>>    75 72 65 3A 20 00                                [ure: ?]
>>>>  State               [24]  14
>>>>    53 42 52 2D 43 48 20 31 34 7C 31 00              [SBR-CH 14|1?]
>>>>
>>>>
>>>> The Cisco VPN client (4.6) is not requesting the user for PIN,
>>>> rePIN and finally the whole PASSCODE. And the whole authentication
>>>> process fails :-(
>>>>
>>>> Do you have any idea what can be the reason for that?
>>>> __________________________
>>>> Before sending an answer, please remove the appropriate string
>>>> from my address.
>>>>
>>>> _______________________________________________
>>>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>>> archive at http://puck.nether.net/pipermail/cisco-nsp/



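Decoding the Access-Challenge quoted in this thread, as an added example that is not part of any message above: it rebuilds the packet from the quoted dump and extracts the three things the NAS and client must act on during New PIN mode (prompt text, echo setting, State). The function names are hypothetical; the attribute meanings follow RFC 2865 and RFC 2869, and the packet bytes are reconstructed from the dump, not captured.

```python
import struct

# Codes and attribute types from RFC 2865 / RFC 2869 (only those seen in the thread).
CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject", 11: "Access-Challenge"}
ATTRS = {18: "Reply-Message", 24: "State", 76: "Prompt"}

# Reply-Message text rebuilt from the hex dump quoted in the thread (118 bytes with NUL).
REPLY = (b"\r\n   Enter your new PIN, containing 6 to 8 digits,\r\n" + b" " * 16 +
         b"or\r\n   <Ctrl-D> to cancel the New PIN procedure: \x00")

def build_sample() -> bytes:
    """Rebuild the quoted packet: code 0xb, id 0x2c, same authenticator and attributes."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in [
        (76, struct.pack("!I", 0)), (18, REPLY), (24, b"SBR-CH 14|1\x00")])
    auth = bytes.fromhex("3297f98a8427cdd819dfa4f7bd4749de")
    return struct.pack("!BBH", 11, 0x2C, 20 + len(body)) + auth + body

def parse_radius(pkt: bytes) -> dict:
    """Parse header and attribute TLVs, rejecting truncated or inconsistent lengths."""
    if len(pkt) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if not 20 <= length <= len(pkt):
        raise ValueError("length field does not fit the datagram")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("dangling attribute header")
        atype, alen = pkt[pos], pkt[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("attribute length out of bounds")
        attrs.append((ATTRS.get(atype, str(atype)), pkt[pos + 2:pos + alen]))
        pos += alen
    return {"code": CODES.get(code, str(code)), "id": ident, "length": length,
            "authenticator": pkt[4:20], "attrs": attrs}

def describe_challenge(parsed: dict) -> dict:
    """What the NAS and client have to act on when an Access-Challenge arrives."""
    if parsed["code"] != "Access-Challenge":
        raise ValueError("not an Access-Challenge")
    a = dict(parsed["attrs"])  # one attribute of each type in this sample
    prompt = a.get("Prompt")
    return {"prompt_text": a.get("Reply-Message", b"").rstrip(b"\x00").decode("ascii", "replace"),
            # Prompt: 0 = No-Echo, 1 = Echo; None when the attribute is absent
            "echo_input": None if prompt is None else int.from_bytes(prompt, "big") == 1,
            "state_to_return": a.get("State")}  # echoed unmodified in the next Access-Request
```

The follow-up Access-Request carrying the new PIN has to include the same State value, which is how the RADIUS server ties the answer to the pending New PIN exchange.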