000021291 - Cisco test authentication returns 'Unspecified Authentication Error'

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000021291
Applies ToRSA ACE/Server 5.x
Cisco VPN 3000 Concentrator
IssueCisco test authentication returns "Unspecified Authentication Error"
ACE/Server activity log reads "Passcode Accepted" and "Node Secret Sent"
Subsequent test authentications result in error: "Node verification failed"
CauseThe encryption type in the agent host entry for the Cisco VPN 3000 Concentrator is set incorrectly. Therefore, the ACE/Server sends the node secret and the passcode is accepted, but the Concentrator is unable to read the response from ACE/Server, and the node secret does not get created on the client side.
ResolutionTo correct this issue, set the Encryption Type in the Agent Host Entry to "DES" and clear the node secret on the ACE/Server.

To change the Encryption Type, go to the ACE/Server Database Administrator Tool. Then go to Agent Host --> Edit Agent Host. Under Encryption Type, select DES. To delete the Node Secret, uncheck the "Node Secret Sent" checkbox.
Legacy Article IDa21990