AnsweredAssumed Answered

AUTHN_METHOD_FAILED

Question asked by Yavuz Cengiz on Feb 25, 2016
Latest reply on Feb 26, 2016 by Andre Pietersen

Like • Show 0 Likes0
Comment • 5

We received "413 authentication failed" message from Cisco VPN client after entering TOKENCODE. The authenticaton activity report is below. What should we do?

Log Level: ERROR

Activity Key: Principal authentication

Description: User “test.user1” attempted to authenticate using authenticator “OnDemand”. The user belongs to security domain “SystemDomain”

Action Result Key: Failure

Result Key: AUTHN_METHOD_FAILED

Result: Authentication method failed

User ID: test.user1

User Security Domain: SystemDomain

User Identity Source: PharmavisionAd

Agent Type: 7

Agent Name: asa

Agent IP: 172.17.0.1

Agent Security Domain: SystemDomain

Authentication Method: OnDemand

Policy Expression: AUTHN_LOGIN_EVENT

Argument 1: 5

Argument 2: 1

Argument 3:

Argument 4:

Argument 5:

Argument 6:

Argument 7:

Argument 8: aba8d3ac020111ac125b7ef9f503cacb

Argument 9: <cell phone number>

Argument 10:

Instance Name: istsrdc200.local

Client IP: 172.17.0.1

Server Node IP: 172.17.1.26

More Arguments:

Actor GUID: ab7f7688020111ac11f408a728855658

Session ID: 16ca08961a0111ac0173c5b88d4ee364-wnxHs2TwiFDa

Agent GUID: ab87dcad020111ac1298dc79d74e7065

Yavuz Cengiz Feb 26, 2016 12:26 AM

Correct Answer

A case open by RSA. They checked and couldn't find any problems in the system and they adviced to check if ASA changed.

Our ASA software has been updated recently. We realized that the problem is beginning after this. New version ASA software is causing communication problem with RSA via SDI protocol. This finding has not been confirmed yet by Cisco. We changed the configuration by configuring RADIUS instead of SDI, then it is beginning to work properly.

See the reply in context

No one else had this question

Outcomes

Brian Twomey

Feb 25, 2016 3:29 PM

I would advise opening a case so Support can take a look at this. We would also want to know if it's Native SecurID or Radius....all users or just a segment....this really needs someone to take a deeper look to find out the cause fo the failure.

Actions

Yavuz Cengiz Feb 26, 2016 12:26 AM

A case open by RSA. They checked and couldn't find any problems in the system and they adviced to check if ASA changed.

Actions

Andre Pietersen Feb 26, 2016 4:37 AM

Can I ask what ASA you are using and which firmware on the ASA.

It might save me some headaches when I encounter the same problem

thanks

Actions

Yavuz Cengiz Feb 26, 2016 4:47 AM

We are using Cisco ASA5510.

Old ASA software version was 8.4(4)1

This versiyon is working with RSA Auth.Manager 7.1 via SDI

Current ASA software version: 8.4(7)30

This versiyon is NOT working with RSA Auth.Manager 7.1 via SDI. So, we had to configure RADIUS on RSA and then change AAA server configuration from SDI to RADIUS on ASA.

Upgrade reason: Cisco ASA Software IKEv1 and IKEv2 Buffer Overflow Vulnerability (Critical)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160210-asa-ike

Actions

Andre Pietersen @ Yavuz Cengiz on Feb 26, 2016 5:05 AM

Thanks

we are using ASA 5540 with 9.1(6)11 which is save for the vulnerability.

As we are running RSA Authentication Manager 8.1 we probably won't hit the same problem as you did.

Actions

5 Replies

Brian Twomey Feb 25, 2016 3:29 PM
Mark Correct
Correct Answer
I would advise opening a case so Support can take a look at this. We would also want to know if it's Native SecurID or Radius....all users or just a segment....this really needs someone to take a deeper look to find out the cause fo the failure.
Like • Show 0 Likes0
Actions
Yavuz Cengiz Feb 26, 2016 12:26 AM
Unmark Correct
Correct Answer
A case open by RSA. They checked and couldn't find any problems in the system and they adviced to check if ASA changed.

Our ASA software has been updated recently. We realized that the problem is beginning after this. New version ASA software is causing communication problem with RSA via SDI protocol. This finding has not been confirmed yet by Cisco. We changed the configuration by configuring RADIUS instead of SDI, then it is beginning to work properly.
Like • Show 0 Likes0
Actions
Andre Pietersen Feb 26, 2016 4:37 AM
Mark Correct
Correct Answer
Can I ask what ASA you are using and which firmware on the ASA.
It might save me some headaches when I encounter the same problem

thanks
Like • Show 0 Likes0
Actions
Yavuz Cengiz Feb 26, 2016 4:47 AM
Mark Correct
Correct Answer
We are using Cisco ASA5510.

Old ASA software version was 8.4(4)1
This versiyon is working with RSA Auth.Manager 7.1 via SDI

Current ASA software version: 8.4(7)30
This versiyon is NOT working with RSA Auth.Manager 7.1 via SDI. So, we had to configure RADIUS on RSA and then change AAA server configuration from SDI to RADIUS on ASA.

Upgrade reason: Cisco ASA Software IKEv1 and IKEv2 Buffer Overflow Vulnerability (Critical)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160210-asa-ike
Like • Show 0 Likes0
Actions
- Andre Pietersen @ Yavuz Cengiz on Feb 26, 2016 5:05 AM
  Mark Correct
  Correct Answer
  Thanks
  
  we are using ASA 5540 with 9.1(6)11 which is save for the vulnerability.
  As we are running RSA Authentication Manager 8.1 we probably won't hit the same problem as you did.
  Like • Show 0 Likes0
  Actions

AUTHN_METHOD_FAILED

Outcomes

Related Content

Recommended Content