|Applies To||RSA Product Set: SecurID|
RSA Product: Authentication Manager
RSA Version/Condition: 8.x
Platform (Other): Cisco Adaptive Security Appliance 9.8 (2)
- Unable to authenticate to RSA Authentication Manager 8.x servers from Cisco Adaptive Security Appliance using native SecurID protocol.
- The software version running on the Cisco Adaptive Security Appliance is 9.8 (2).
- The Cisco Adaptive Security Appliance command line prompt reports the error as authentication failed.
- Communication packets between the Cisco agent and the Authentication Manager server were verified by performing a tcpdump on the primary Authentication Manager appliance.
- No error log entries were seen in the Authentication Manager server Real Time Activity Monitor after performing a couple of authentications from the Cisco Adaptive Security Appliance over UDP port 5500.
The exact cause of the native SecurID authentication failures over UDP port 5500 when authenticating from the Cisco Adaptive Security Appliance 9.8 (2) is yet to be identified.
However, this looks like an incompatibility issue between RSA Authentication Manager 8.x and Cisco ASA running version 9.8 (2) specifically.
- Below is the snippet of the version information from the Cisco ASA:
Cisco Adaptive Security Appliance Software Version 9.8(2)
Firepower Extensible Operating System Version 2.2(2.52)
Device Manager Version 7.8(2)
|Workaround||Use RADIUS protocol as an alternative protocol to native SecurID protocol by creating the Cisco Adaptive Security Appliance as a RADIUS client on the Authentication Manager server.|
Review the article on how to Add a RADIUS client agent for the ASA.
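The ASA side of this workaround, sketched as an added example that is not part of the original article: the native SecurID (SDI) server group that fails on 9.8(2), followed by a RADIUS server group pointing at the same Authentication Manager server. The group names, the `inside` interface, the address 192.0.2.10, the tunnel group name, the test user and the shared-secret placeholder are all assumptions, and the ports are assumed to match the RADIUS ports configured on Authentication Manager.

```text
! --- Before: native SecurID (SDI) server group, UDP 5500 ---
! This is the protocol that fails on ASA 9.8(2) per this article.
aaa-server RSA-SDI protocol sdi
aaa-server RSA-SDI (inside) host 192.0.2.10

! --- After: RADIUS server group to the same Authentication Manager ---
! The shared secret must match the one entered for the RADIUS client
! created for this ASA on the Authentication Manager server.
aaa-server RSA-RADIUS protocol radius
aaa-server RSA-RADIUS (inside) host 192.0.2.10
 key <SHARED-SECRET-PLACEHOLDER>
 authentication-port 1812
 accounting-port 1813

! Point the (hypothetical) VPN tunnel group at the RADIUS group
! instead of the SDI group.
tunnel-group EXAMPLE-VPN general-attributes
 authentication-server-group RSA-RADIUS

! Verify from the ASA exec prompt with a test user and a current passcode,
! while watching the Real Time Activity Monitor on Authentication Manager.
test aaa-server authentication RSA-RADIUS host 192.0.2.10 username testuser password <PASSCODE>
```

Unlike the failing SDI attempts described above, a RADIUS attempt should produce an entry in the Real Time Activity Monitor, which confirms the request is reaching Authentication Manager as the RADIUS client.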
|Notes||Note that this workaround is specific to Cisco ASA running software version 9.8 (2) and is not a generic solution for all versions of Cisco ASA.|