|Applies To||Login automation|
Cisco VPN Client
|Issue||Cisco VPN Client login automation with RSA Software Token or SD800 token not working with RADIUS authentication set up on Cisco ASA and PIX|
VPN Client continues to prompt for "passcode" when it should be prompting for "pin".
|Cause||Cisco bug ID CSCse09458 prevented software integration from working via RADIUS on PIX or ASA devices.|
Two steps must be taken to fix this issue.
1. Upgrade the PIX or ASA device to 7.2.1(24) or later.
2. Enable the "radius-sdi-xauth" attribute under the tunnel-group ipsec-attributes configuration.
When enabled, it allows the prompt "Enter Username and Password" to be sent in the XAUTH exchange and elicits the appropriate behavior on the client side for RADIUS/SDI proxy.
tunnel-group CiscoACS-Appliance ipsec-attributes
 radius-sdi-xauth
See Cisco Support for the upgrade or further details on this issue. Note that the radius-sdi-xauth setting may have to be set using the ASA's CLI.
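To see which tunnel groups on a device still lack the setting, the following added Python example (not part of the original article and not Cisco tooling) scans saved running-config text and reports every tunnel group without radius-sdi-xauth under its ipsec-attributes block. It assumes the usual ASA layout in which sub-commands are indented beneath their mode line; the sample config, the group names Contractors and Legacy, and the server group RSA-RADIUS are constructed.

```python
import re

# Constructed running-config excerpt for illustration (not from the article).
SAMPLE_CONFIG = """\
tunnel-group CiscoACS-Appliance type ipsec-ra
tunnel-group CiscoACS-Appliance general-attributes
 authentication-server-group RSA-RADIUS
tunnel-group CiscoACS-Appliance ipsec-attributes
 pre-shared-key *
 radius-sdi-xauth
tunnel-group Contractors type ipsec-ra
tunnel-group Contractors general-attributes
 authentication-server-group RSA-RADIUS
tunnel-group Contractors ipsec-attributes
 pre-shared-key *
tunnel-group Legacy general-attributes
 authentication-server-group RSA-RADIUS
"""

HEADER = re.compile(r"^tunnel-group (\S+) (\S+)")

def audit_radius_sdi_xauth(config_text):
    """Map each tunnel group to True if radius-sdi-xauth is set under ipsec-attributes."""
    status = {}
    current = None  # (group name, section) of the mode line we are under
    for raw in config_text.splitlines():
        if not raw.strip():
            continue
        if not raw.startswith(" "):  # unindented line: a new top-level command
            m = HEADER.match(raw)
            if m:
                status.setdefault(m.group(1), False)
                current = (m.group(1), m.group(2))
            else:
                current = None
            continue
        # Indented sub-command: only counts inside an ipsec-attributes block.
        if current and current[1] == "ipsec-attributes" and raw.strip() == "radius-sdi-xauth":
            status[current[0]] = True
    return status

def missing_groups(config_text):
    """Sorted names of tunnel groups that still need radius-sdi-xauth."""
    return sorted(n for n, ok in audit_radius_sdi_xauth(config_text).items() if not ok)

if __name__ == "__main__":
    for name in missing_groups(SAMPLE_CONFIG):
        print(f"{name}: radius-sdi-xauth not set under ipsec-attributes")
```

A group such as Legacy, which has no ipsec-attributes block at all, is reported as missing as well, since the setting can only be enabled there.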
|Legacy Article ID||a34088|