topic ASDM OTP with RSA SecureID in Network Access Control

ASDM OTP with RSA SecureID

gilad.hinberger — Mon, 11 Mar 2019 03:51:20 GMT

Trying to setup AAA OTP with ASA and RSA SecureID.

Works great for CLI/SSH access, but when I'm trying to use it for ASDM, it failed, and I'm getting REUSE ATTACK error on the RSA server.

I tried with Radius and SDI, same results.

Any ideas?

ASDM OTP with RSA SecureID

gilad.hinberger — Thu, 05 Sep 2013 09:35:41 GMT

So nobody is using the RSA SecureID OTP tokens to authenticate to the Cisco ASA?

Seems like the ASDM is trying to authenticate several times to the RSA, using the same password,

And that what cause the problem... Apparently this have something to do with the way Java is working.

Anyone?

ASDM OTP with RSA SecureID

Jatin Katyal — Thu, 05 Sep 2013 13:43:10 GMT

Hi Gilad,

Actually lots of people love to use it however there is some limitation with this feature. Here is something I wrote on this topic a couple of weeks ago. You may be intrested to go through this article:

https://supportforums.cisco.com/docs/DOC-35214

~BR
Jatin Katyal

**Do rate helpful posts**

ASDM OTP with RSA SecureID

gilad.hinberger — Fri, 06 Sep 2013 08:39:01 GMT

Hi Jatin,

Thanks for the reply, but my problem is completely different...

I'm trying to implement the RSA SecurID authentication with an ASA already running in a single routed mode.

The combination works great with SSH access, but with the ASDM, the RSA server recognise it as REUSE

Attack, and eventually block the token...

ASDM OTP with RSA SecureID

Jatin Katyal — Fri, 06 Sep 2013 11:21:53 GMT

What version of ASA and ASDM are you running?

~BR
Jatin Katyal

**Do rate helpful posts**

ASDM OTP with RSA SecureID

gilad.hinberger — Fri, 06 Sep 2013 12:05:51 GMT

Latest versions:

ASA - 9.1(2)

ASDM - 7.1(3)

ASDM OTP with RSA SecureID

PREMYSL KOPECKY — Thu, 03 Oct 2013 11:05:26 GMT

I have same issue with OTP when using ASDM.

When I attempting to connect to an ASM, many authentication requests is generated quickly (usualy about seven) to lock user account.

CS ACS 4.2(1)

ASA Version: 8.4(5) (SINGLE ROUTED MODE)

ASDM Version: 7.0(2)

OTP - CRYPTOCard/SafeNet

Regards

Premysl Kopecky

ASDM OTP with RSA SecureID

gilad.hinberger — Fri, 04 Oct 2013 10:36:02 GMT

The best explanation I managed to find so far:

https://supportforums.cisco.com/thread/215792

That was more than 6 years ago, and they still didn't manage to make it work

ASDM OTP with RSA SecureID

PREMYSL KOPECKY — Fri, 04 Oct 2013 13:05:00 GMT

Hi Gilad,

ASDM behaves exactly as described.

Just I do not know why Cisco declare:

http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.html#wp481365

New Features for ASA Version 8.2(1):One Time Password Support for ASDM Authentication.
Released: May 6, 2009

Regards
Premysl

ASDM OTP with RSA SecureID

Jatin Katyal — Fri, 04 Oct 2013 21:29:48 GMT

Guys:

Can we troubleshoot this issue live and report back with some debugs/logs.

Let me know.

~BR
Jatin Katyal

**Do rate helpful posts**

Re: ASDM OTP with RSA SecureID

PREMYSL KOPECKY — Thu, 17 Oct 2013 19:49:02 GMT

Hi Jatin,

I tried to login to an ASA via telnet/ASDM with password/OTP.

There are some logs (enclosed):

Best regards

Premysl Kopecky

P.S.: Bug "CSCuf91463 - ASDM resending the same passcode during OTP authentication - failing it" describes workaround for ASDM OTP.

Re: ASDM OTP with RSA SecureID

ggozzi — Thu, 27 Sep 2018 10:26:08 GMT

I've the same problem

Are there any news about?

Regards

Gianluca