RSA New Pin mode over PPP dialer

I have an RSA v6.1 server running SecurID and Steel Belted RADIUS. This is performing authentication requests, via RADIUS, to a Cisco router at an ISP which hosts a PPP dial in service over PSTN.
Currently I can dial successfully into the system using the standard windows ppp dialer over PSTN using my username and RSA pin+tokencode. However when the token is set to 'New Pin mode' or 'Next Token code' the connection fails to connect as it isn't prompting me for a new pin.
The RSA website says in order to support Next Token mode & New Pin Mode require the RADIUS client to
work in terminal mode before initiating ppp negotiation.
Does this problem ring any bells with anyone out there? What command to use on the cisco device to forward new pin mode requests to the dialer?

Andrew,
For new pin mode to work, you will need to enable interactive AKA exec logins. To do this you need to have following configuration.
interface Group-AsyncX
ip unnumbered Loopback0
encapsulation ppp
async mode interactive ! watch for framed and exec connections
peer default ip address pool dialin_pool
no keepalive
ppp authentication pap ! clear ok for one time pass
group-range 1/00 1/59
line x/x 1/x
login authentication default ! default command doesn't show in config
no flush-at-activation
modem InOut
autoselect during-login
autoselect ppp
autocommand ppp neg ! start ppp before giving exec prompt
To explain. SecureID users will enable a post terminal dial window in DialUp Networking config. When they connect, they will be prompted for user/token and pin if configured for that. If the Exec authentication an
authorization succeeds. The AS5350 will execute the ppp negotiate command,
which starts PPP for the session. The user may see garbage text in terminal depending on what version of DialUp Networking or client software they are using. They will need to click on the close/done/continue button.
The PC and AS5350 will then proceed with PPP.
However, we are going to by pass ppp authentication because we have already
authenticated for exec and we don't want the token to time out and cause a failure. PPP authorization should proceed as normal using the credentials provided for exec login.
Please use CHAP as PAP does not work for interactive authentication.
Regards,
~JG
Do rate helpful posts

Similar Messages

  • NEW PIN mode fails after migrating to new ACS version

    Old setup.
    CiscoSecure ACS v3.x
    Windows server also has the RSA/ACE agent that queries a second server for SecurID authentication
    C3745 and a PIX used for inbound remote access
    Users access w/Cisco Systems VPN Client
    Works great
    New setup.
    CiscoSecure ACS v4.0, running on a different Windows server
    Slightly newer version of the RSA/ACE agent
    Same C3745 and PIX
    Same use4rs, same client.
    Works great as long as the SecurID card is not in NEW PIN mode
    If the card is in NEW PIN mode, the Cisco Systems VPN client of course prompts if the users wants to create a new pin. The answer is ?y? or ?n.? The client is then supposed to prompt for the PIN and then prompt a second time for the PIN. This never happens. Instead, w/in three seconds of the user saying ?y?, CSACS fails the user and the client terminates the connection.
    Help!
    Thanks,
    Shane

    Hi
    You may want to ping the Cisco TAC. I remember there were loads of issues with RSA authentication that may have been fixed after 4.0 shipped.
    If you run csauth from the command line:
    csauth -z -p
    you'll see a whole load of debug.. look for "[Securid" to see all related messages.
    Darran

  • Sky Go - Use Silverlight Fullscreen Pinning Mode

    I have two monitors, and I often watch Sky Go on monitor A while working on monitor B. However, whenever I fullscreen Sky Go, and click on a second monitor, Sky Go exits fullscreen mode. Silverlight has had Fullscreen Pinning Mode (where it remains fullscreen when the user clicks on a second screen) since version 4. See http://www.silverlight.net/learn/graphics/windows,-screens,-navigation/full-screen-pinning-mode When will Sky Go support this? Can you forward this request to your development team?

    I asked this same question in January 2014. This response was given by Sam-R community manager on 06-03-2014. Nothing has happened since very disapointed Sky. http://helpforum.sky.com/t5/Sky-Go/Silverlight-Fullscreen/td-p/1556365/highlight/true/page/2 Re: Silverlight Fullscreen.Options on ‎06-03-2014 10:41 AMHello again, Quick update. This feature is going to be enabled in a new Silverlight player release which is being worked on at the moment. Before then can I check, does it work if you pop out the player then maximise? instead of making it full screen. Thanks Sam
    Community Manager (Apps & Online)

  • Installing software update mac 0s x 10.4.5 on ppp dial up model

    Software update terminates before 10.4.3 updates on new imac G-5 using a ppp dial up modem line.

    Hello there BBCB and welcome to discussions,
    And the question is?
    A common problem for people with dial up. One good solution is to take a large smile and a blank CD to some one who has a high speed connection to the internet. Here is the procedure...
    1. Equipped with very large smile and blank CD approach computer user who has high speed internet access.
    2. Ask, pleasantly and with aforementioned smile, " Please may I use your computer to download some important updates for my computer? "
    3. Assuming that the response is positive, navigate to required down load location and complete required downloads to desktop. Burn CD. Offer many thanks to other user. Maybe even offer to buy coffee.
    4. Return home. Load CD. Install updates.
    5. Done!
    Hope that helps some.
    Regards
    Ian

  • PIN MODE Satellite M70-159 - Yours suggestions

    Hello
    In nearest time I would like to try PIN MODE ( force a FSB 133MHz on processor which works with 100MHz and constants FSB ratio = 17 ) in my notebook Toshiba.
    I buy on auction processor Pentium M 1.7GHz / 2MB / 400Mhz .
    Please don't tell me that the processor will be overheating I saw both datasheet (my present processor pentium M750 and pentium M735) and first emit 27W and second 21W .
    I calculate that if I change FSB the emit of heat will be approximetly ewen Pentium M750.
    Do You have any experience with this method of overclocking..?

    Hi buddy
    Internet websites provides many different advices, suggestions, stories, etc but I would not try everything...
    Maybe other notebooks CPUs worked fine after such upgrade but to be honest I would not try this. for me the connection of any CPU pins is really risky and I would be afraid that this would damage my cpu, motherboard and other notebooks parts
    A notebook over clocking is always risky due to a small cooling modules and not enough space for air circulation.
    Last but not least I dont understand why you want to increase the FSB. Of course the notebooks FSB could provide a higher performance but this would be not really noticeable and in my opinion this risk it not worth a try.
    Bye

  • I am trying to sync my iphone with itunes on a new computer, but  over 3 quarters of my music is missing.

    I am trying to sync my iphone with itunes on a new computer, but over 3 quarters of my music is missing. It seems that only the songs downloaded on itunes in the last 6 - 9 months have transferred. How can I get the rest of it to sync?

    You have posted to the iTunes Match forum, which your question does not appear to be related to. You will probably get better help by posting in the Using iPhone forum.

  • Generate a new SAP mode maximized and active working with Excel or Word

    Hello!
    We have an event that it generates a new SAP mode in the desktop. This mode is generated ok (maximized and active) if the user is working in other SAP mode in this moment.
    But this mode is generated minimized if the user is working with a Word or Excel Microsoft document in this moment.
    We need to generate this new mode: ACTIVE and MAXIMIZED when the user is working wiht any non SAP tool in that moment. Is this possible??
    We have checked the following functions module with  failed results:
    NAVIGATION_EXECUTE_OBJECT
    ECATT_START_GUI_REMOTE
    TH_CREATE_MODE
    Thanks in advance!!
    Regards,
    Message was edited by:
            Elisa Villellas

    Could you try disabling graphics hardware acceleration? (I'm having trouble determining from your "More system information" whether it's enabled or disabled.) Since this feature was added to Firefox, it has gradually improved, but there still are a few glitches.
    You usually need to restart Firefox in order for this to take effect, so save all work first (e.g., mail you are composing, online documents you're editing, etc.).
    orange Firefox button ''or'' classic Tools menu > Options > Advanced
    On the "General" mini-tab, uncheck the box for "Use hardware acceleration when available"
    If you restart Firefox, is the issue resolved?

  • How can i get a new PIN?

    HOW CAN I GET A NEW PIN?
    I FORGOT IT
    AND I NOW I DON`T HAVE ANY SPACE TO MY PHOTOS AND THE UPDATES!
    HELP ME PLESE!

    If you forgot your phone passcode, see here: http://support.apple.com/kb/HT1212

  • Why do I keep getting new pins sent to me?

    I downloaded the Messages app on my wife's phone and it keeps sending new pins and saying it failed the security. What do we need to do?

        I am sorry to hear of the issues that you are experiencing! Lets try to turn off the location and test out again. You may also delete the application and install again.
    If the issue persists, let us know which device your wife is using so that we can better assist.
    Thank you,
    LenaA_VZW
    Follow us on Twitter @VZWSupport

  • I set up a new PIN to lock my screen for security.  Now I can't unlock it.  Any ideas how to undo this and get my phone open?

    I set up a new PIN to lock my screen for security.  Now I can't unlock it.  Any idea how to undo this so I can use my phone again?

    Someone else had replied with that same remedy and if that's all it takes, no worries. However, it is tellig me that after 10 unsuccessful tries it will reset my phone back to zero and I lose everything...pictures, emails, texts,etc. Is this true or not...do you know? Thanks.

  • How to set new active Mode?

    Hi!
    I have got three open modes. First mode VA02, second mode MM02 and third mode SE80. SE80 is active, which means it s above the others. In SE80 I would like to process an report, which sets mode one or mode two active. How can I do that?
    It's just an example, but it focuses pricesly my problem.
    Thanks
    Christian

    Hello Christian
    At first glance Max' answer does not look like a <i>stroke of genius</i> yet where in the SAP system have you observed the behaviour of modes (or sessions) you are describing? I am not aware of any place (which does not exclude the possibility that there is one).
    However, creating a new active mode is easily done using various function modules or classes, e.g.:
    - function module <b>TH_CREATE_MODE</b>
    - static method <b>CL_IMC_MODE=>create_mode</b>( ) -> returns a mode instance where you can call go_mode->call ( <transaction> )
    - static method <b>CL_RECA_GUI_UTILITIES=>call_transaction</b>
    I hope I could give you some input on your topic.
    Regards
      Uwe

  • How to add a new pin to an existing subvi

    Hi,
    I've been using Labview for sometime now but I still haven't found a convenient way to add a new pin to an existing subvi other than opening up the subvi and adding a control or whatever and then highlighting the code and using create subvi. Then naming this new subvi with the name of the old one. There must be a better way than doing this ??
    Thanks.
    John

    Hi John,
    I think you want to have a new connector where you can wire to.
    Open the VI, create the control or indicator on the front panel and then make a right click on the icon. Choose show connector pane. Your mouse cursor changes to the wire cursor. Click in the pane on a free connector and then click on the new control/indicator. This way the control/indicator is assoicated with the connector on the connector pane. Keep the rule controls left indicators right side. If there is no more connector left you can choose a new pane.
    Normally we use only a limited set of panes for all subVIs to avoid benches in the wires. Most we use the pane with 4 connectors left and 4 connectors right.
    Waldemar
    Using 7.1.1, 8.5.1, 8.6.1, 2009 on XP and RT
    Don't forget to give Kudos to good answers and/or questions

  • I need an new pin how do i get one

    basically got an fone off a friend and ive reset fone but cos i still got same bb pin i keep gettin requests off random people i dont know is there anyway to change ur pin thanks

    Please be patient, no one is bleeding. We're a volunteer user-to-user community forum.
    The device PIN is hard-coded to the hardware at the factory and can't be changed... the device PIN is unique to each device.
    You can't have a new PIN without getting a new device.
    1. If any post helps you please click the below the post(s) that helped you.
    2. Please resolve your thread by marking the post "Solution?" which solved it for you!
    3. Install free BlackBerry Protect today for backups of contacts and data.
    4. Guide to Unlocking your BlackBerry & Unlock Codes
    Join our BBM Channels (Beta)
    BlackBerry Support Forums Channel
    PIN: C0001B7B4   Display/Scan Bar Code
    Knowledge Base Updates
    PIN: C0005A9AA   Display/Scan Bar Code

  • PUK and New PIN code

    I was playing around with my phone and hit something. My phone is now locked except for emergency call and has no service. Scrolling across the screen it says,"SIM card is PUK locked. l No service."  Above that it says,"Type PUK and new PIN code."
    Thanks for any help.

    You should be able to access your PUK and PIN by following these steps:
    Locating the 4G SIM PIN / PUK - My Verizon Website

  • New V Moda's

    Does anyone know when Apple will release the new V Moda earbuds with the Ipod Controls???????

    I don't believe that Vmoda has announced a new set of iphone headphones (ones with the control button) yet.
    I'd love a pair. I hate the earphones that came with the iphone, and mine are falling apart.

Maybe you are looking for

  • Goods Shipped -BUT- Not Invoiced

    Hi Gurus, we would like to see a report (NOT VF04), where I can see all the Goods Shipped But not invoiced with AMOUNT so that we can Tie this amount to respective Goods in Transit GL account balance for Auditing Purpose, so that we can tell them thi

  • Document restriction settings

    please let me know on how to set the document restriction: Printing: Allowed Commenting: Allowed Other options: Not Allowed regards, Sashi              

  • Reg:Excise posting

    while posting the excise part -II i'm getting this error "FI/CO interface: Inconsistent FI/CO line item data for updating Message no. RW016" Regards, Abilash V.

  • When I am attaching documents to a new e-mail I am getting Data Execution Prevention error and crashing firefox? What can I do to overcome this problem.

    When I am making a new e-mail and trying to attach a document(Word, Wordperfect or pdf file, an error occures because of the Data Execution Prevention and crashes the program? What need to be done to correct this issue. I was able to do this a few we

  • Screen Turning Blue-Help Please

    OKay so lately I'll be on the internet or in a differnent program and all of the sudden my screen turns blue and then it goes back to normal, does anyone know how to fix this? If this helps everytime my screen has turned blue it is after I'm done pla