
New Member

ASDM OTP with RSA SecurID

Trying to set up AAA OTP with ASA and RSA SecurID.

Works great for CLI/SSH access, but when I'm trying to use it for ASDM, it failed, and I'm getting a REUSE ATTACK error on the RSA server.

I tried with RADIUS and SDI, same results.

Any ideas?

10 REPLIES
New Member

So nobody is using the RSA SecurID OTP tokens to authenticate to the Cisco ASA?

Seems like the ASDM is trying to authenticate several times to the RSA, using the same password, and that is what causes the problem... Apparently this has something to do with the way Java is working.

Anyone?

Cisco Employee

Hi Gilad,

Actually, lots of people love to use it; however, there are some limitations with this feature. Here is something I wrote on this topic a couple of weeks ago. You may be interested in going through this article:

https://supportforums.cisco.com/docs/DOC-35214

~BR
Jatin Katyal

**Do rate helpful posts**
New Member

Hi Jatin,

Thanks for the reply, but my problem is completely different...

I'm trying to implement the RSA SecurID authentication with an ASA already running in a single routed mode.

The combination works great with SSH access, but with the ASDM, the RSA server recognises it as a REUSE ATTACK and eventually blocks the token...

Cisco Employee

What version of ASA and ASDM are you running?

~BR
Jatin Katyal

**Do rate helpful posts**
New Member

Latest versions:

ASA - 9.1(2)

ASDM - 7.1(3)

New Member

I have the same issue with OTP when using ASDM.

When I attempt to connect to an ASM, many authentication requests are generated quickly (usually about seven) to lock the user account.

CS ACS 4.2(1)

ASA Version: 8.4(5) (SINGLE ROUTED MODE)

ASDM Version: 7.0(2)

OTP - CRYPTOCard/SafeNet

Regards

Premysl Kopecky

New Member

The best explanation I managed to find so far:

https://supportforums.cisco.com/thread/215792

That was more than 6 years ago, and they still didn't manage to make it work.

New Member

Hi Gilad,

ASDM behaves exactly as described.

I just do not know why Cisco declares:

http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.html#wp481365

New Features for ASA Version 8.2(1): One Time Password Support for ASDM Authentication.
Released: May 6, 2009

Regards
Premysl

Cisco Employee

Guys:

Can we troubleshoot this issue live and report back with some debugs/logs?

Let me know.

~BR
Jatin Katyal

**Do rate helpful posts**
New Member

Hi Jatin,

I tried to log in to an ASA via telnet/ASDM with password/OTP.

There are some logs (enclosed):

Best regards

Premysl Kopecky

P.S.: Bug "CSCuf91463 - ASDM resending the same passcode during OTP authentication - failing it" describes a workaround for ASDM OTP.
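The pattern reported in this thread (several authentication requests for one user arriving within seconds, followed by a reuse error or lockout) can be separated from passcode guessing by looking for request bursts in the authentication server's log. The sketch below is an added example, not code from the thread, Cisco or RSA; the log format, user and client names, and the thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (not real RSA or ACS log output):
# timestamp, user, requesting client, result.
SAMPLE_LOG = """\
2013-07-01T10:00:00 user1 asa-mgmt ACCEPT
2013-07-01T10:00:01 user1 asa-mgmt REJECT
2013-07-01T10:00:01 user1 asa-mgmt REJECT
2013-07-01T10:00:02 user1 asa-mgmt REJECT
2013-07-01T10:05:00 user2 asa-mgmt REJECT
2013-07-01T10:06:30 user2 asa-mgmt ACCEPT
2013-07-01T10:20:00 user3 asa-mgmt ACCEPT
"""

def parse(text):
    """Turn log text into sorted (time, user, client, result) tuples."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed lines
        ts, user, client, result = parts
        events.append((datetime.fromisoformat(ts), user, client, result))
    return sorted(events)

def auth_bursts(events, window=timedelta(seconds=5), min_requests=3):
    """Map (user, client) to bursts: (start, request count, reject count).

    A person typing a fresh passcode cannot submit several within seconds,
    so a burst points at a client re-sending credentials.
    """
    by_key = defaultdict(list)
    for ts, user, client, result in events:
        by_key[(user, client)].append((ts, result))
    findings = {}
    for key, seq in by_key.items():
        i = 0
        while i < len(seq):
            j = i
            while j + 1 < len(seq) and seq[j + 1][0] - seq[i][0] <= window:
                j += 1
            if j - i + 1 >= min_requests:
                rejects = sum(1 for _, r in seq[i:j + 1] if r == "REJECT")
                findings.setdefault(key, []).append((seq[i][0], j - i + 1, rejects))
            i = j + 1
    return findings

if __name__ == "__main__":
    for key, bursts in auth_bursts(parse(SAMPLE_LOG)).items():
        print(key, bursts)
```

On the constructed sample only user1 is reported; user2's failed attempt followed by a success 90 seconds later looks like a mistyped passcode and is not flagged.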
