
ASDM OTP with RSA SecurID

gilad.hinberger
Level 1

Trying to set up AAA OTP with ASA and RSA SecurID.

Works great for CLI/SSH access, but when I'm trying to use it for ASDM, it fails, and I'm getting a REUSE ATTACK error on the RSA server.

I tried with RADIUS and SDI, same results.

Any ideas?

11 Replies

gilad.hinberger
Level 1

So nobody is using the RSA SecurID OTP tokens to authenticate to the Cisco ASA?

Seems like the ASDM is trying to authenticate several times to the RSA, using the same password, and that's what causes the problem... Apparently this has something to do with the way Java is working.

Anyone?

Jatin Katyal
Cisco Employee

Hi Gilad,

Actually, lots of people love to use it; however, there are some limitations with this feature. Here is something I wrote on this topic a couple of weeks ago. You may be interested in going through this article:

https://supportforums.cisco.com/docs/DOC-35214

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin

Hi Jatin,

Thanks for the reply, but my problem is completely different...

I'm trying to implement the RSA SecurID authentication with an ASA already running in single routed mode.

The combination works great with SSH access, but with the ASDM, the RSA server recognises it as a REUSE ATTACK, and eventually blocks the token...

What version of ASA and ASDM are you running?

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin

Latest versions:

ASA - 9.1(2)

ASDM - 7.1(3)

PREMYSL KOPECKY
Level 1

I have the same issue with OTP when using ASDM.

When I attempt to connect to an ASM, many authentication requests are generated quickly (usually about seven) to lock the user account.

CS ACS 4.2(1)

ASA Version: 8.4(5) (SINGLE ROUTED MODE)

ASDM Version: 7.0(2)

OTP - CRYPTOCard/SafeNet

Regards

Premysl Kopecky

The best explanation I managed to find so far:

https://supportforums.cisco.com/thread/215792

That was more than 6 years ago, and they still didn't manage to make it work.

Hi Gilad,

ASDM behaves exactly as described.

I just do not know why Cisco declares:

http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.html#wp481365

New Features for ASA Version 8.2(1): One Time Password Support for ASDM Authentication.
Released: May 6, 2009

Regards
Premysl

Guys:

Can we troubleshoot this issue live and report back with some debugs/logs?

Let me know.

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin

Hi Jatin,

I tried to login to an ASA via telnet/ASDM with password/OTP.

There are some logs (enclosed):

Best regards

Premysl Kopecky

     

P.S.: Bug "CSCuf91463 - ASDM resending the same passcode during OTP authentication - failing it" describes a workaround for ASDM OTP.

Hi

I have the same problem.

Is there any news about this?

Regards

Gianluca