Cisco Router with IOS 12.2(2)XB/12.2(4)T or later unable to handle New PIN Mode and Next Tokencode Mode Authentications through RADIUS
Originally Published: 2003-11-04
Article Number
Applies To
IOS 12.2(2)XB/12.2(4)T or later
Issue
Resolution
12.2 mainline should not have this problem, but model 3745 only runs 12.2T or 12.3, so there's no other option for the 3745. Bottom line - this is a bug in the IOS. The issue arises because Multitransaction RADIUS authentication uses the state attribute in the server's response packet to maintain continuity of the transaction which is handled in UDP packets. The router fails to respond with the same state attribute in the third packet of the communication. There is no state attribute in the packet.
Cisco is aware of the issue as of November 1, 2003, see Cisco defect CSCed22074. Please contact Cisco for the fix. The problem does appear to be fixed in IOS 12.3.7T.
Related Articles
New PIN Mode and Next Token Mode fail on Cisco VPN 3000 Concentrator with RSA ACE/Server Number of Views How long can an Agent wait to send a next tokencode or new pin message? Number of Views RSA SecurID end users setting their own PIN or next tokencode on a VPN connection Number of Views Users cannot authenticate successfully when the RSA SecurID token is in either Next Tokencode Mode or New PIN Mode when au… Number of Views MessageMedia SMS Gateway - On Demand Token Code Delivery Configuration - RSA Ready SecurID Access Implementation Guide Number of Views
Trending Articles
RSA Authentication Manager 8.9 Release Notes (January 2026) RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide RSA-2026-07: RSA Authentication Manager Security Update for Third-Party Component Vulnerabilities Downloading RSA Authentication Manager license files or RSA Software token seed records RSA MFA Agent 2.5 for Microsoft Windows Installation and Administration Guide
Don't see what you're looking for?
