Good morning,
We have strange problems with our SSL-VPN connection to the Sophos.
We have approximately 300 users SSL-VPN enabled. Usually <=20 users are logged on concurrently.
Some of our users have problems logging on to the SSL-VPN. Obviously the connection from their login to the OTP token is messed up.
In this case the following happens:
- When the user is logging on to the user portal he only needs his login + password to log in (formerly it was initialized and the password + OTP was needed).
- Then most of the time a new OTP token is created (in Definitions and Users - Authentication Services - One Time Password).
- The user is now able to log in with both combinations, login / password + old OTP and login / password + new OTP, on the user portal (the user now has two valid OTP tokens).
- After this the SSL-VPN login is possible with both combinations. However, this is only true for most of the logins. Some are still not working. Clearing the authentication cache does not help in this case.
The OTP Tokens are prepopulated based on an AD connection and the membership in a group (VPNLoginPassToken).
Obviously the firewall loses the connection between the old OTP token and the user or, to be clearer, it goes through the token initialization process of the users. We are quite sure that this is an issue of the implementation of the Sophos parts and not of the underlying SSL-VPN (we do not change anything on the client software).
This happened half a year ago and again last Friday. The firmware running on the Sophos was 9.503-4. We updated to 9.506-2, which did not change anything. We don't want to install a newer version for the moment because the S/MIME encryption issue seems not to be fixed so far.
Does anybody else have this or a similar problem?
Is there any way to identify which of the 300 accounts are affected?
What could be the trigger that lets the software think that the token of a user needs to be reinitialized?
Best regards,
Bernd