Article Content
Article Number | 000019111 |
Applies To | Cisco VPN 3000 Concentrator; RSA Radius Server; RSA Authentication Manager 6.1 |
Issue | Error: "PASSCODE REUSE ATTACK DETECTED" in ACE/Server logs; "Access denied" on the client; Error: "SIMULTANEOUS AUTH detected" in RSA ACE/Server logs |
Cause | Retransmitted packets from the Cisco VPN Concentrator appear to the ACE/Server to be new authentication requests. |
Resolution | To correct this issue, upgrade the VPN 3000 Concentrator to at least 3.5.3 and configure an 8-10 second retransmission time-out (not the default 4 seconds). Cisco has changed the formatting of the retransmitted authentication requests so that the ACE/Server correctly interprets the retransmitted packets and does not deny access to the user. The retransmitted request will be identical to the original, which lets the ACE/Server detect that the request is a retransmission and retransmit the original response. As a workaround, reconfigure the VPN Concentrator to wait longer for a response from the ACE/Server and not retransmit the request. Retransmitted requests will fail if the ACE/Server receives a second request when the Concentrator is at 3.5.2 or earlier. The Cisco menu on a 3000 has a timeout = setting; change it from the default 4 seconds to 8 seconds to give the ACE/Server enough time to get its first response back to the Cisco. If the Agent host timeout is not the problem, apply Hot Fix Roll-up 5 to Auth Manager 6.1.2. It fixes a problem where the ACE database holds the first authentication request for up to 30 seconds, forcing the Agent host to retransmit and causing both PASSCODE REUSE ATTACK DETECTED and SIMULTANEOUS AUTH detected. |
Legacy Article ID | a12192 |
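
The following added example (not RSA or Cisco code, and not part of the original article) is a simplified model of why a byte-identical retransmission is answered from a duplicate cache while an altered one consumes the one-time passcode a second time. The class and function names, the source address, the user and passcode, and the choice of which header fields change are all constructed assumptions.

```python
import struct

ACCESS_REQUEST = 1  # RADIUS code for Access-Request (RFC 2865)

def build_request(identifier: int, authenticator: bytes) -> bytes:
    """Build a bare 20-byte RADIUS header: code, identifier, length, authenticator."""
    if len(authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 bytes")
    return struct.pack("!BBH", ACCESS_REQUEST, identifier, 20) + authenticator

class ToyAuthServer:
    """Simplified model: one-time passcodes plus a duplicate-request cache."""

    def __init__(self):
        self.used = set()     # (user, passcode) pairs already consumed
        self.replies = {}     # (source, identifier, authenticator) -> first reply

    def handle(self, source, packet, user, passcode):
        """Return (reply, was_retransmission). user/passcode are passed in the
        clear here; a real server decodes them from the packet attributes."""
        _code, identifier, _length = struct.unpack("!BBH", packet[:4])
        key = (source, identifier, packet[4:20])
        if key in self.replies:
            # Same source and identical header: resend the original reply.
            return self.replies[key], True
        if (user, passcode) in self.used:
            reply = "PASSCODE REUSE ATTACK DETECTED"
        else:
            self.used.add((user, passcode))
            reply = "Access-Accept"
        self.replies[key] = reply
        return reply, False

def simulate(retransmit_identical: bool):
    """Send one request and one retransmission; return both server results."""
    server = ToyAuthServer()
    nas = ("192.0.2.10", 1645)                  # constructed source address and port
    first = build_request(7, bytes(range(16)))  # constructed identifier/authenticator
    if retransmit_identical:
        second = first
    else:
        # Hypothetical altered retransmission: new identifier and authenticator.
        second = build_request(8, bytes(range(16, 32)))
    creds = ("alice", "123456")                 # constructed user and passcode
    return server.handle(nas, first, *creds), server.handle(nas, second, *creds)

if __name__ == "__main__":
    print(simulate(retransmit_identical=True))
    print(simulate(retransmit_identical=False))
```
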