000029847 - Cisco ASA running IOS 9.3.2 fails to generate node secret when using SDI as the authentication protocol to Authentication Manager 8.1

Document created by RSA Customer Support Employee on Jun 14, 2016
Version 1

Article Content

Article Number: 000029847
Issue: A Cisco ASA running IOS 9.3.2 and using the native SecurID authentication protocol for VPN access fails to generate the node secret during an authentication test under the AAA server group test in Cisco ASDM. The Authentication Manager 8.1 Authentication Activity logs show the "authentication method failed" error, which is typically associated with the wrong IP address being specified for the interface on the Cisco ASA, but that is not the case with 9.3.2.
Cause: This is a known defect in Cisco IOS 9.3.2.
Resolution: When contacting Cisco, reference CSCut28210. Cisco will release an update to address this issue in the near future.
Until the fix is released, there are two options for getting authentication to work:

  • Roll back to Cisco IOS 9.3.1; or
  • Continue to use Cisco IOS 9.3.2 with RADIUS rather than the native SecurID authentication protocol.