|Applies To||RSA Product Set: SecurID Access|
RSA Product/Service Type: Identity Router
|Issue||The message of "Invalid authentication handle" from a Cisco ASA means that the authentication ticket was removed before the user responded. It may be displayed by the Cisco VPN Client or on the Cisco AnyConnect Secure Mobility Client.|
It is essentially a timeout error. It means that the RADIUS authentication response was not received by Cisco ASA before the configured or default authentication timeout set in that product
|Cause||There are two main possibilities that could cause a timeout problem:|
|Resolution||When configuring the Cisco ASA for RADIUS authentication with the RSA Cloud Authentication Service, make sure the timeout value is explicitly set to 120 seconds. For more information, see:|
If ServerList HostEntry is not configured, then a 12 second timeout will be used by Cisco no matter what the actual timeout value is set to.