01-25-2019 01:55 PM
What controls the two-factor (SecurID in this case) authentication timeout when authenticating against Cisco ASA5525x SSL VPN?
This is the timeout that occurs after the user has provided their username and PIN BUT before they enter their tokencode.
Is this controlled in RSA or on the ASA?
Please help.
Thanks.
01-25-2019 02:14 PM
Hi,
I believe the timeout you are referring to is configured under the aaa configuration on the ASA. Reference here.
E.g.:
aaa-server RADIUS-SVR host 192.168.10.20 timeout 20
HTH
01-26-2019 04:01 AM
01-29-2019 06:13 AM
There is a 12 second default timeout for the AnyConnect authentication prompt. This is controlled by the AnyConnect profile setting. You might want to change it to 60 seconds or so.
There are also timeouts for the ASA to reach the AAA server like @Rob Ingram mentioned. But which timeout plays a role depends on the point at which he/she faces the timeout. If the timeout happens when the prompt is up, then it is the Authentication timeout I mentioned above. If it is something after the username/password is sent, then it is most likely an AAA server timeout.
02-01-2019 10:06 AM
Thanks for all your responses. I should have been a little more clear in my original post.
I am only referring to clientless SSL WEB VPN authentication, not AnyConnect client authentication.
Specifically, the timeout I am asking about is that for the token code to be entered (after username and PIN have already been provided).