SecurID: How to verify if TCP/UDP ports are allowed between a Linux machine and Authentication Manager.
Originally Published: 2020-05-14
Article Number
Applies To
RSA Product/Service Type: Authentication Manager
Issue
This article provides steps to test UDP/TCP connectivity between below agents and Authentication manager.
- RSA Authentication Agent for PAM.
- RSA Authentication Agent for Web: Apache Web Server.
- An agent that is created with the RSA Authentication Agent SDK.
This can help determine if the issue is on the RSA Authentication Manager side or on the agent side.
Resolution
The following scenario is to test if connection is allowed between Linux machine and Authentication manager on UDP Port 5500.
- SSH or directly access a Linux machine which has the agent installed on it to start testing connectivity.
- Run the command echo "This is my data" > /dev/udp/<IP address>/<port> on the Linux machine. Be sure to change the IP address in the command to your RSA Authentication Manager IP address and change 5500 to the port being tested.
echo "This is my data" > /dev/udp/<AM IP Address>/5500
- Launch an SSH client, such as PuTTY.
- Log in to the primary RSA Authentication Manager server as rsaadmin and enter the operating system password.
During Quick Setup, another username may have been selected. Use that username to log in.
login as: rsaadmin Using keyboard-interactive authentication. Password:<enter operating system password> Last login: Tue May 12 21:39:41 2020 from 192.168.231.1 RSA Authentication Manager Installation Directory: /opt/rsa/am
- Elevate privileges to root to run tcpdump.
rsaadmin@AM:~> sudo su -
rsaadmin's password: <enter operating system password>- On the RSA Authentication Manager side, capture all traffic coming on port 5500 using the command tcpdump -i eth0 -n -vv -s 0 port 5500 and host <IP address>.
- After starting the tcpdump with the correct IP address for the agent, run the echo command from step 2:
AM:~ # tcpdump -i eth0 -n -vv -s 0 port 5500 and host <Linux Machine IP Address> tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes 17:01:25.296635 IP (tos 0x0, ttl 64, id 31186, offset 0, flags [DF], proto UDP (17), length 44) 192.168.231.192.41668 > 192.168.231.5.5500: [udp sum ok] UDP, length 16
This shows that the RSA Authentication Manager server received the UDP packets.
Notes
To test sending TCP packets, change the udp the echo command to tcp, as shown:
echo "This is my data" > /dev/tcp/192.168.231.5/5500
Related Articles
How to open TCP/IP ports in RSA Identity Governance & Lifecycle Number of Views How to change the protocol from TCP to UDP for RSA Authentication Agent for Web for Apache Web Server Number of Views Testing TCP ports on RSA Authentication Manager 8.x instances with a script (Script attached) Number of Views How to verify TLS v.1.2 is configured correctly in RSA Authentication Manager 8.x Number of Views RSA Authentication Manager 8.x Web Tier that is installed on a Linux server fails due to port 443 permission errors Number of Views
Trending Articles
Troubleshooting RSA SecurID Access Identity Router to RSA Authentication Manager test connection failures RSA SecurID Software Token 5.0.2 Downloads for Microsoft Windows RSA Authentication Manager 8.9 Release Notes (January 2026) Quick Setup Guide - Passwordless Authentication in Windows MFA Agent for Active Directory RSA Authentication Manager 8.8 Setup and Configuration Guide
Don't see what you're looking for?
