000020016 - Users not prompted for username or PASSCODE through Cisco PIX firewall

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 22, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000020016
Applies ToCisco PIX
RSA ACE/Server
IssueUsers not prompted for username or PASSCODE through Cisco PIX firewall
Users prompted once and successfully authenticate, but not prompted for subsequent attempts
CauseThe IOS line "timeout uauth 0:05:00 absolute" is responsible to the time a users session is valid. This line essentially means the authentication is good for 5 minutes, and the user will not be challenged for that time.
ResolutionTo correct this issue, change the value to be 0:00:30 (30 seconds) or less - the user will be challenged again when the timeout expires.
Legacy Article IDa13855