[vpn-help] VPN client causing "next token code" mode on RSA appliance

Wed Jul 31 23:12:42 CDT 2013

Hi Jim (and other list members),
Cisco announced EOL on the Cisco VPN Client here:
http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5743/ps5699/ps2308/end_of_life_c51-680819.html
I have used it before on Windows 8 x64 as well - up until a few weeks ago it was working fine.  Then something changes and it stopped working.  I'm not the first to run into this but instead of getting frustrated by it I went looking for alternatives.  One of the threads I came across recommended Shrew Soft VPN Client.
For the RSA token support I'm assuming that is part of the protocol?  I'm not 100% sure how it works in terms of editions as there isn't an easily locatable edition comparison table.  That being said I am running in trial mode which should have been equivalent to the professional edition.
The guidance on the site was to report issues to this mailing list so that is partly what I'm doing here in hopes that the development team will comment on whether or not this is a supported scenario and as such a potential bug.
Cheers,Colin

From: vpn at technicolor.com
To: colin at bowern.com
CC: vpn-help at lists.shrew.net
Subject: RE: [vpn-help] VPN client causing "next token code" mode on RSA	appliance
Date: Mon, 29 Jul 2013 18:40:43 +0000

Colin, Are you saying that Cisco Client 5.0.07.0440 is no longer supported by Cisco, or/on Windows 8?  I’ve used it successfully on Windows 8 x64 which is why I ask (although I still prefer Shrew).  Has Cisco abandoned this client in favor of their AnyConnect? Secondly, is the professional edition of Shrew required for the RSA token support (assuming the Shrew client supports it) ?  I don’t see where that is called out in the professional edition vs. the standard one. I haven’t had to deal with tokens for my VPN needs, so can’t give you any useful info. -Jim From: vpn-help-bounces at lists.shrew.net [mailto:vpn-help-bounces at lists.shrew.net] On Behalf Of Colin Bowern
Sent: Friday, July 26, 2013 7:06 PM
To: vpn-help at lists.shrew.net
Subject: [vpn-help] VPN client causing "next token code" mode on RSA appliance The company I am connecting to is using the Cisco VPN Client 5.0.07.0440 which is no longer supported and recently stopped working on my Windows 8 installation. I am working on the trial of Shrew Soft VPN Client 2.2.2 to find a workaround to get IPSec VPN on Windows 8. Since using the Shrew Soft client I have experienced several times where I am unable to connect with the client returning a user authorization failed message.  Working with the VPN admins we have determined that the client is triggering my user profile to go into "Next Token Code" mode with the RSA appliance.  The workaround is to use the Cisco client to connect and satisfy the next token code request, then disconnect and connect once the token code cycles.  It seems that the Shrew Soft client does not recognize the next token code request. Here are the details of the VPN:Cisco ASA 5510RSA SecurID Appliance 3.0 (running latest code) My token is an RSA SecurID SID800 Not sure if this is a bug or not but with five days left in the trial I'd like to get a sense of where this stands before I make a decision to commit to purchasing the Shrew Soft client. Thanks,Colin 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.shrew.net/pipermail/vpn-help/attachments/20130801/629b4f16/attachment-0001.html>