|Applies To||RSA ACE/Server|
RSA SecurID Authentication Manager
Cisco VPN 3000 Concentrator Cisco ASA 5000 5500
|Issue||How to clear RSA ACE/Server node secret on Cisco VPN 3000 Series Concentrator or a Cisco ASA|
|Resolution||On Cisco ASA the Node secrets are stored in Flash RAM which is called disk0:. Older versions use Hex, newer version use the dotted decimal notation, so a Node secret for an RSA Server with IP address of 220.127.116.11 will either be named 8E-ED-EB-8A.SDI (Older versions with HEX used) or it will be named 142-141-235-138.SDI. |
To delete the Node secret on a Cisco ASA, telnet or connect with SSH, find the file and type either
delete /noconfirm disk0:/142-141-235-138.SDI
delete disk0:\142-141-235-138.SDI /noconfirm
On the Concentrator Series Manager, Under: Administration --> File Management, delete the node secret file whose name is based on the ACE/Server IP address with .SDI appended. NOTE: You must convert the IP address from dotted decimal to hexadecimal format to match the address. e.g C0A8081E.SDI represents ACE server address 192.168.8.30. There is a [Delete] function for this file on Cisco 3000s.
You may also have to delete the node secret on the Agent Host entry for this Cisco on the ACE server.
|Legacy Article ID||a13140|