Article Content
Article Number | 000018062 |
Applies To | RSA ACE/Server UNIX (AIX, HP-UX, Solaris) Microsoft Windows NT 4.0 Cisco NAS |
Issue | New PIN and next Tokencode modes fail when dialing through a Cisco NAS User token is in New PIN mode User token is in next Tokencode mode Next Tokencode mode fails User unable to clear next Tokencode mode or to set up PIN because the standard timeout closes the connection Authentication fails |
Cause | When dialing into a Cisco NAS, the default timeout value (30 sec) doesn't allow the user to authenticate successfully in New PIN or Next Tokencode Mode |
Resolution | Increasing the default timeout value on the Cisco NAS will allow authentications in New PIN or Next Tokencode Mode. If the IOS version is 11.3 or greater, the following command can be entered in the Cisco NAS line config: timeout login response XXX where XXX represents the timeout value from 0 to 300 seconds. The default is 30, so we recommend to use 60. With an IOS version of 12.3-7.T1, the following commands can be entered in the Cisco NAS line config: For Dial-Up: timeout login response XXX login authentication RAS USERS For VPN: crypto isakmp xauth timeout XXX |
Legacy Article ID | 5.0.549046.2577182 |