What controls the two-factor (SecurID in this case) authentication timeout when authenticating against Cisco ASA5525x SSL VPN?
This is timeout that occurs after the user has provided their username and PIN BUT before they enter their tokencode?
Is this controlled in RSA or on the ASA?
I believe the timeout you are referring to, is configured under the aaa configuration on the ASA. Reference here.
E.g:- aaa-server RADIUS-SVR host 192.168.10.20 timeout 20
There is a 12 second default timeout for the AnyConnect authentication prompt. This is controlled by the AnyConnect profile setting. You might want to change it to 60 seconds or so.
There are also timeouts for the ASA to reach the AAA server like @RJI mentioned. But which timeout plays a role depends on at what point he/she faces the timeout. If the timeout happens when the prompt is up, then it is the Authentication timeout I mentioned above. If it is something after the username/password is sent, then it is most likely a AAA server timeout.
Thanks for all your responses. I should have been a little more clear in my original post.
I am only referring to clientless SSL WEB VPN authentication, not AnyConnect client authentication.
Specifically, the timeout I am asking about is that for the token code to be entered (after username and PIN have already been provided).