Cisco ASA AAA server status is suspended

gwccnetops
Level 1

Why does the ASA place the aaa-server status to suspended for RSA authentication? After I reset the ASA server configuration for the aaa-server, my status returns to OK, but when a VPN request comes in, the status immediately goes to suspended. Any suggestions?

ASA1# show aaa-server rsapri host 10.1.1.51
Server Group:    rsapri
Server Protocol: sdi
Server Address:  10.1.1.51
Server port:     5500
Server status:   ACTIVE, Last transaction at unknown
Number of pending requests              0
Average round trip time                 10000ms
Number of authentication requests       3
Number of authorization requests        0
Number of accounting requests           0
Number of retransmissions               0
Number of accepts                       0
Number of rejects                       0
Number of challenges                    0
Number of malformed responses           0
Number of bad authenticators            0
Number of timeouts                      3
Number of unrecognized responses        0


SDI Server List:
        Active Address:          10.1.1.51
        Server Address:          10.1.1.51
        Server port:             5500
        Priority:                0
        Proximity:               0
        Status:                  SUSPENDED
        Number of accepts                       0
        Number of rejects                       0
        Number of bad next token codes          0
        Number of bad new pins sent             0
        Number of retries                       4
        Number of timeouts                      4

2 Replies

jan.nielsen
Level 7

Looks to me like your RSA server is just not responding to the ASA's requests. Maybe check the RSA logs to see what's going on.
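
The counters in the question's output fit this reading: every authentication request timed out and none was accepted, rejected or challenged. The following Python script is an added example, not part of the original thread; it parses `show aaa-server` output in the format shown above and flags that pattern. The function names and finding labels are hypothetical, and the sample text is constructed from the question's output.

```python
import re

# Constructed sample, abridged from the output format in the question.
SAMPLE = """\
Server Group:    rsapri
Server status:   ACTIVE, Last transaction at unknown
Number of authentication requests       3
Number of accepts                       0
Number of rejects                       0
Number of challenges                    0
Number of timeouts                      3
SDI Server List:
        Status:                  SUSPENDED
        Number of retries                       4
        Number of timeouts                      4
"""

def parse_aaa_server(text):
    """Return counters/fields for the group-level block and the SDI server list."""
    sections = {"group": {}, "sdi": {}}
    current = sections["group"]
    for line in map(str.strip, text.splitlines()):
        if line.startswith("SDI Server List"):
            current = sections["sdi"]
            continue
        m = re.match(r"(Number of .+?)\s{2,}(\d+)$", line)
        if m:  # counter line: label, padding, integer
            current[m.group(1).lower()] = int(m.group(2))
            continue
        m = re.match(r"([^:]+):\s+(.+)$", line)
        if m:  # "Field: value" line
            current[m.group(1).strip().lower()] = m.group(2)
    return sections

def diagnose(sections):
    """Hypothetical finding labels, chosen for this example."""
    g, s = sections["group"], sections["sdi"]
    findings = []
    if s.get("status", "").upper() == "SUSPENDED":
        findings.append("sdi-server-suspended")
    answered = sum(g.get("number of " + k, 0) for k in ("accepts", "rejects", "challenges"))
    requests = g.get("number of authentication requests", 0)
    # Requests were sent, none was answered, all timed out: the server never replied.
    if requests and answered == 0 and g.get("number of timeouts", 0) >= requests:
        findings.append("no-response-from-server")
    return findings

if __name__ == "__main__":
    print(diagnose(parse_aaa_server(SAMPLE)))
```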

Ganesh Hariharan
VIP Alumni

Hi,

In suspended mode, the ASA does not try to send any packets to that server. In such a scenario it is best to remove and re-add the AAA-server configuration for that group in order to trigger that server into active mode.

But you can try using re-activation command as well.

Re-activation command ref.

Hope it Helps..

-GI

Rate if it Helps..