000018062 - New PIN and next Tokencode modes fail when dialing through a Cisco NAS

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000018062
Applies ToRSA ACE/Server
UNIX (AIX, HP-UX, Solaris)
Microsoft Windows NT 4.0
Cisco NAS
IssueNew PIN and next Tokencode modes fail when dialing through a Cisco NAS
User token is in New PIN mode
User token is in next Tokencode mode
Next Tokencode mode fails
User unable to clear next Tokencode mode or to set up PIN because the standard timeout closes the connection
Authentication fails
CauseWhen dialing into a Cisco NAS, the default timeout value (30 sec) doesn't allow the user to authenticate successfully in New PIN or Next Tokencode Mode
ResolutionIncreasing the default timeout value on the Cisco NAS will allow authentications in New PIN or Next Tokencode Mode.

If the IOS version is 11.3 or greater, the following command can be entered in the Cisco NAS line config:

    timeout login response XXX

where XXX represents the timeout value from 0 to 300 seconds. The default is 30, so we recommend to use 60.

With an IOS version of 12.3-7.T1, the following commands can be entered in the Cisco NAS line config:

For Dial-Up:

    timeout login response XXX

    login authentication RAS USERS

For VPN:

    crypto isakmp xauth timeout XXX
Legacy Article ID5.0.549046.2577182

Attachments

    Outcomes