SecurID fails after re-ip addressing ASA
So I learned something new about SDI (RSA SecurID) yesterday. So I put a new ASA in parallel to an old PIX. I pointed my new ASA over to their brand new RSA server. Then when we moved the ASA into the same IP space as the PIX, everything worked except for RSA authentication. We checked DNS and the ‘agent hosts’ on the RSA and everything seemed correct. Then I read about the sdi file on the flash of an ASA. So what happens is on the first authentication, the RSA hands down an sdi file to the ASA and this becomes the shared key between the 2 devices. The only problem that I found was that the file contains the inside IP of the ASA. So when I changed the inside IP of my ASA to the IP of the PIX, that sdi file was now invalid. The way to fix it was to simply delete the file.
Error message on the RSA was “node verification failed.”
vpn(config)# dir
Directory of disk0:/
6    drwx  8192      09:18:46 May 31 2008  crypto_archive
91   -rwx  14635008  03:08:24 Aug 12 2008  asa803-k8.bin
92   -rwx  6851212   03:10:56 Aug 12 2008  asdm-603.bin
2    drwx  8192      03:14:44 Aug 12 2008  log
93   -rwx  2153344   11:33:12 Aug 12 2008  anyconnect-win-2.2.0136-k9.pkg
99   -rwx  512       19:01:08 Aug 13 2008  10-100-1-20.sdi