https://community.cisco.com/t5/network-access-control/cisco-acs-with-rsa-ace-callback/m-p/40624#M438625 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>You have to instruct the router to only authenticate on dialin and not on dialout with the following command:</P><P></P><P>ppp authentication pap callin</P><P></P><P>Also, you have to mak e sure that you use PAP (instead of the default CHAP) when authenticating with RSA tokens. Hope this helps,</P><P></P><P>Regards,</P><P></P><P>VS</P></BODY></HTML> Mon, 13 Jan 2003 13:48:53 GMT vsanavia 2003-01-13T13:48:53Z https://community.cisco.com/t5/network-access-control/cisco-acs-with-rsa-ace-callback/m-p/40621#M438620 <P>Hi !</P><P></P><P>I am using a Cisco ACS box combined with RSA ACE. Authentification is successful for the first time. But the router issues a callback and wants to authenticate twice. On the second attempt the tokencode is no longer valid - and callback is not successful because of the failure : RE-USE ATTACK </P><P>on the RSA ACE Server.</P><P>Why do I need a second authentification ? The call is successfully authenticated on the first time - why is there a second authentication needed ?</P><P></P><P>Thx Hans</P> Sun, 10 Mar 2019 14:03:43 GMT https://community.cisco.com/t5/network-access-control/cisco-acs-with-rsa-ace-callback/m-p/40621#M438620 schimekh 2019-03-10T14:03:43Z https://community.cisco.com/t5/network-access-control/cisco-acs-with-rsa-ace-callback/m-p/40622#M438621 <HTML><HEAD></HEAD><BODY><P>You may need to configure Token Caching as shown here:</P><P><A class="jive-link-custom" href="http://www.cisco.com/warp/public/129/25.html" target="_blank">http://www.cisco.com/warp/public/129/25.html</A></P><P><A class="jive-link-custom" href="http://www.cisco.com/warp/public/129/26.html#intro" target="_blank">http://www.cisco.com/warp/public/129/26.html#intro</A></P><P>You may also want to ask your RSA people if a similar feature is avalable in the ACE Server.</P></BODY></HTML> Fri, 27 Sep 2002 16:17:34 GMT https://community.cisco.com/t5/network-access-control/cisco-acs-with-rsa-ace-callback/m-p/40622#M438621 lisa.hall 2002-09-27T16:17:34Z https://community.cisco.com/t5/network-access-control/cisco-acs-with-rsa-ace-callback/m-p/40623#M438623 <HTML><HEAD></HEAD><BODY><P>we are having the same problem you are describing .I see that your case is from september, did you solve it and how</P><P></P><P>thanks</P><P></P><P></P><P>guy</P></BODY></HTML> Mon, 06 Jan 2003 11:49:58 GMT https://community.cisco.com/t5/network-access-control/cisco-acs-with-rsa-ace-callback/m-p/40623#M438623 guy.alexander 2003-01-06T11:49:58Z https://community.cisco.com/t5/network-access-control/cisco-acs-with-rsa-ace-callback/m-p/40624#M438625 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>You have to instruct the router to only authenticate on dialin and not on dialout with the following command:</P><P></P><P>ppp authentication pap callin</P><P></P><P>Also, you have to mak e sure that you use PAP (instead of the default CHAP) when authenticating with RSA tokens. Hope this helps,</P><P></P><P>Regards,</P><P></P><P>VS</P></BODY></HTML> Mon, 13 Jan 2003 13:48:53 GMT https://community.cisco.com/t5/network-access-control/cisco-acs-with-rsa-ace-callback/m-p/40624#M438625 vsanavia 2003-01-13T13:48:53Z