sdi authentication with 3030 concentrator os version 3.5.3
i am using 2 3030 concentrators doing native sdi authentication. os version 3.5.3. randomly, users will get authentication failures. i see a message in the log that the sdi server is unspecified, when in fact, it is working....other users are getting authenticated and i can ping the sdi server at the time of the failure.
Re: sdi authentication with 3030 concentrator os version 3.5.3
I've had the same problem, and in each case (without exception) the problem has been user related. They had input either the wrong passcode, wrong pin, just the pin, just the code, yada yada. Even though it's tough to tell the users that they're putting in the wrong passcode, I'll bet that a review of the SDI logs will confirm it. The other thing to check is that your SDI server has a really accurate time reference - drift is bad in the RSA's world. If you're running on a WinTel box, check out analogx.com for a nice time sync program that's free. Best of luck.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...