
SSL VPN two-factor authentication timeout

N3t W0rK3r
Level 3

What controls the two-factor (SecurID in this case) authentication timeout when authenticating against Cisco ASA5525x SSL VPN?

This is the timeout that occurs after the user has provided their username and PIN BUT before they enter their tokencode.

Is this controlled in RSA or on the ASA?

 

Please help.

 

Thanks.

4 Replies

Hi,

I believe the timeout you are referring to is configured under the aaa configuration on the ASA. Reference here.

 

E.g.: aaa-server RADIUS-SVR host 192.168.10.20 timeout 20

 

HTH

 

 

It can be by both, depending on whether the message arrived at the ASA and was forwarded or has not yet arrived.

Rahul Govindan
VIP Alumni

There is a 12 second default timeout for the AnyConnect authentication prompt. This is controlled by the AnyConnect profile setting. You might want to change it to 60 seconds or so. 

 

 

There are also timeouts for the ASA to reach the AAA server like @Rob Ingram mentioned. But which timeout plays a role depends on at what point he/she faces the timeout. If the timeout happens when the prompt is up, then it is the Authentication timeout I mentioned above. If it is something after the username/password is sent, then it is most likely an AAA server timeout.

Thanks for all your responses.  I should have been a little more clear in my original post.

 

I am only referring to clientless SSL WEB VPN authentication, not AnyConnect client authentication.

 

Specifically, the timeout I am asking about is that for the token code to be entered (after username and PIN have already been provided).
