ASDM asking to re-authenticate again & again

nitin.pant
Level 1

Hello Team,

We are migrating from ACS to ISE (2.7.0.356) using RSA for AAA (TACACS). When pointing authentication to ISE, we are having issues where we are able to initially log on to ASAs using ASDM, but then we get asked for re-authentication, which is failing. When we go to the ISE logs, we see the following, even though we have just used the same credentials.

When pointing auth to ACS, everything is good.

This seems to be happening on firewalls which are running in multi-context mode; single mode is fine.

24560   Searching for user record in RSA identity store Passcode cache - RSA SecurID
24562   User record was not found in Passcode cache - RSA SecurID

NOTE: The re-login prompt pops up frequently only when in ASDM; no re-login prompt is seen when doing SSH to the ASA CLI.

Below is our configuration:

mht-sec-fw-wut-01/admin/act/pri# sh run all ssh
no ssh stricthostkeycheck
ssh x.x.x.x x.x.x.x management
ssh x.x.x.x x.x.x.x management
ssh x.x.x.x x.x.x.x management
ssh x.x.x.x x.x.x.x 5 management
ssh x.x.x.x x.x.x.x management
ssh x.x.x.x x.x.x.x management
ssh timeout 60
ssh version 2
ssh cipher encryption medium
ssh cipher integrity high
ssh key-exchange group dh-group14-sha1
mht-sec-fw-wut-01/admin/act/pri# sh run all http
http server enable 443
http server idle-timeout 20
http server session-timeout 0
http x.x.x.x x.x.x.x management
http server basic-auth-client ASDM
http server basic-auth-client CSM
http server basic-auth-client REST API Agent
mht-sec-fw-wut-01/admin/act/pri# sh run all aaa
aaa authentication enable console CORP-ISE-Tacacs LOCAL
aaa authentication http console CORP-ISE-Tacacs LOCAL
aaa authentication serial console CORP-ISE-Tacacs LOCAL
aaa authentication ssh console CORP-ISE-Tacacs LOCAL
aaa accounting enable console Smart
aaa accounting serial console Smart
aaa accounting ssh console Smart
aaa accounting telnet console Smart
aaa accounting command privilege 15 Smart
aaa proxy-limit 16
no aaa authentication secure-http-client
no aaa local authentication attempts max-fail
aaa authorization exec authentication-server
aaa authentication login-history duration 90


mht-sec-fw-wut-01/admin/act/pri# sh run all tac
aaa-server CORP-ISE-Tacacs protocol tacacs+
aaa-server CORP-ISE-Tacacs (management) host 10.x.x x
key *****

Current ASDM version:

Device Manager Version 7.17(1)152

IOS - Cisco Adaptive Security Appliance Software Version 9.13(1) <context>

Kindly help... Is there anyone who might have faced this issue? 
