Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Attention: The Cisco Support Community site will be in read only mode on Dec14, 2017 from 12:01am PST to 11:30am for standard maintenance. Sorry for the inconvenience.

New Member

PIX cannot authenticate remote users with RSA

I configured the PIX to allow for remote users to connect using a Cisco VPN client.

The authentication is done on a RSA server which is in a different building (over a WAN), the firewall can ping the RSA without a problem.

When a user tries to connect to the firewall, I the firewall is giving me the following:

6|Mar 11 2008 16:31:22|113014: AAA authentication server not accessible : server = 10.0.100.68 : user = abc

4|Mar 11 2008 16:31:22|109027: [ RADIUS ] Unable to decypher response message Server = 10.0.100.68, User = abc

6|Mar 11 2008 16:31:19|302015: Built outbound UDP connection 14292973 for inside:10.0.100.68/1645 (10.0.100.68/1645) to NP Identity Ifc:10.20.99.33/1025 (10.20.99.33/1025)

6|Mar 11 2008 16:23:09|302016: Teardown UDP connection 14291278 for inside:10.0.100.68/1645 to NP Identity Ifc:10.20.99.33/1025 duration 0:03:04 bytes 1098

6|Mar 11 2008 16:21:03|113014: AAA authentication server not accessible : server = 10.0.100.68 : user = abc

4|Mar 11 2008 16:21:03|109027: [ RADIUS ] Unable to decypher response message Server = 10.0.100.68, User = abc

6|Mar 11 2008 16:21:02|113014: AAA authentication server not accessible : server = 10.0.100.68 : user = abc

Looking at cisco, this message is saying that the firewall is having issues communicating with the RSA server, but I can ping it without an issue, and barely any latency.

Any idea???

2 REPLIES
Gold

Re: PIX cannot authenticate remote users with RSA

1st have you tested so that the RSA device works with a radius testing tool

If not then thats where i would start.

it could be wrong password or that the device does not accept connections from this unit. a test tool would show you if that is the case.

New Member

Re: PIX cannot authenticate remote users with RSA

The RSA is working with another firewall, so I know it is functioning. The issue may be that firewall that cannot authenticate with the RSA server is across a WAN which may cause an issue. I am now building another RSA server in the same site and see if that makes a difference, I'll let you know.

628
Views
0
Helpful
2
Replies
CreatePlease to create content