[BBLISA] RSA tokens, ACE Server, Cisco concentrator timing help

Sean Lutner sean at rentul.net
Sat Jan 1 11:46:18 EST 2005 

If it is a timing issue, it's likely that you have time sync problems 
between the Ciscos. I'd make sure that all the gear is using the UTC 
timezone, and are all sync'd against the same time server (a strata 1 
would be preferred.)

Sean

On Jan 1, 2005, at 9:21 AM, Scott Ehrlich wrote:

> Part of my contract job has involved adding new RSA tokens via ACE 
> Server
> to user accounts (in an Active Directory environment).  Of about 300 
> new
> tokens, the first 30 went almost flawlessly.  I added the first 30 
> token
> serial numbers to the ACE Server console, testing each token by 
> logging in
> successfully.
>
> The next batch of about 30 tokens were more of a mixed result.  Half 
> the
> tokens prompted for a New Pin, then took the new pin and the next six
> digits on the token.  The other half took the new pin, but failed when 
> the
> next code came up, with the error:
>
> "Secure VPN connection terminated locally by the client.   Reason 413:
> User authentication failed"
>
> We are using either Cisco 3300 or 3500's, located at three or four 
> sites
> around the country, with one of those sites in Ireland.
>
> I am told the syncing is instant for all phases of this.
>
> We've checked google and Cisco's site for ideas, but none of them seem 
> to
> answer this problem.   Every token I've entered has prompted for a New
> Pin, but half will not take the new pin + next code.   If you look at 
> the
> success/failure markings I have on a spreadsheet, the pattern lends 
> itself
> to a timing issue somewhere, but where?
>
> We have support calls in to at least Cisco, and maybe RSA, for 
> additional
> help.
>
> Any ideas from the list would be most appreciated.
>
> As a side note, sorry for my job search spams.   I have other avenues 
> I am
> actively using.   I was simply trying to reach the widest possible
> audience.
>
> A good new year to all.
>
> Scott
>
> _______________________________________________
> bblisa mailing list
> bblisa at bblisa.org
> http://www.bblisa.org/mailman/listinfo/bblisa
>
>
Sean Lutner               | www: http://www.rentul.net
e-mail: sean at rentul.net   | gpg: http://www.rentul.net/sean.sig

"Imagination is more important than knowledge." -- Albert Einstein
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2359 bytes
Desc: not available
Url : http://www.bblisa.org/pipermail/bblisa/attachments/20050101/adcd29d7/attachment.bin

More information about the bblisa mailing list