
PIX cannot authenticate remote users with RSA

ronshuster
Level 1

I configured the PIX to allow for remote users to connect using a Cisco VPN client.

The authentication is done on a RSA server which is in a different building (over a WAN), the firewall can ping the RSA without a problem.

When a user tries to connect to the firewall, the firewall is giving me the following:

6|Mar 11 2008 16:31:22|113014: AAA authentication server not accessible : server = 10.0.100.68 : user = abc

4|Mar 11 2008 16:31:22|109027: [ RADIUS ] Unable to decypher response message Server = 10.0.100.68, User = abc

6|Mar 11 2008 16:31:19|302015: Built outbound UDP connection 14292973 for inside:10.0.100.68/1645 (10.0.100.68/1645) to NP Identity Ifc:10.20.99.33/1025 (10.20.99.33/1025)

6|Mar 11 2008 16:23:09|302016: Teardown UDP connection 14291278 for inside:10.0.100.68/1645 to NP Identity Ifc:10.20.99.33/1025 duration 0:03:04 bytes 1098

6|Mar 11 2008 16:21:03|113014: AAA authentication server not accessible : server = 10.0.100.68 : user = abc

4|Mar 11 2008 16:21:03|109027: [ RADIUS ] Unable to decypher response message Server = 10.0.100.68, User = abc

6|Mar 11 2008 16:21:02|113014: AAA authentication server not accessible : server = 10.0.100.68 : user = abc

Looking at Cisco, this message is saying that the firewall is having issues communicating with the RSA server, but I can ping it without an issue, and with barely any latency.

Any idea???

2 Replies

hobbe
Level 7

First, have you tested that the RSA device works with a RADIUS testing tool?

If not, then that's where I would start.

It could be a wrong password, or that the device does not accept connections from this unit. A test tool would show you if that is the case.

The RSA is working with another firewall, so I know it is functioning. The issue may be that the firewall that cannot authenticate with the RSA server is across a WAN, which may cause an issue. I am now building another RSA server in the same site and will see if that makes a difference. I'll let you know.
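
An added example, not part of the original thread: per RFC 2865 a RADIUS client accepts a reply only if the Response Authenticator, recomputed with its own shared secret, matches the one in the packet, which is a check that ICMP reachability does not exercise. The sketch below shows that check passing and failing; the secrets, packet values and function names are constructed for illustration, and a secret mismatch is assumed here as one possible cause, not something the thread confirms.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2  # RADIUS code for Access-Accept (RFC 2865)

# Constructed sample values, not taken from the thread.
REQUEST_AUTH = bytes(range(16))             # 16-byte Request Authenticator
REPLY_ATTRS = bytes([18, 4]) + b"ok"        # Reply-Message (type 18), length 4


def build_response(code, ident, request_auth, attrs, secret):
    """Build a reply the way a RADIUS server signs it."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    # ResponseAuth = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + auth + attrs


def verify_response(packet, request_auth, secret):
    """Client-side check: recompute the authenticator with the local secret."""
    if len(packet) < 20:
        return False                        # shorter than a RADIUS header
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        return False                        # declared length is inconsistent
    attrs = packet[20:length]
    expected = hashlib.md5(packet[:4] + request_auth + attrs + secret).digest()
    return hmac.compare_digest(packet[4:20], expected)


def compare_secrets(server_secret, client_secret):
    """Return True if a reply signed with server_secret verifies on the client."""
    reply = build_response(ACCESS_ACCEPT, 7, REQUEST_AUTH, REPLY_ATTRS, server_secret)
    return verify_response(reply, REQUEST_AUTH, client_secret)


if __name__ == "__main__":
    print("matching secret  :", compare_secrets(b"example-secret", b"example-secret"))
    print("mismatched secret:", compare_secrets(b"example-secret", b"example-secert"))
```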
