Cisco validating identity error
RSA SecurID (SDI) is a solution provided by RSA Security.
The RSA ACE/Server is the administrative component of the SDI solution. Cisco ASA supports SDI authentication natively only for VPN user authentication.
The Cisco ASA authenticates itself to the RADIUS server by using a preconfigured shared secret.
For security reasons, this shared secret is never sent over the network.
This chapter provides a detailed explanation of the configuration and troubleshooting of authentication, authorization, and accounting (AAA) network security services that Cisco ASA supports.
AAA offers different solutions that provide access control to network devices.
The RADIUS server does this by sending Internet Engineering Task Force (IETF) or vendor-specific attributes.
The following subsections introduce each of the authentication protocols and servers that Cisco ASA supports.
RADIUS is a widely implemented authentication standard protocol that is defined in RFC 2865, "Remote Authentication Dial-In User Service (RADIUS)." RADIUS operates in a client/server model. (RADIUS authentication attributes are defined in RFC 2865.) Figure 6-1 illustrates how this process works.
The RADIUS server can also send IETF or vendor-specific attributes to the Cisco ASA, depending on the implementation and services used.
The TACACS authentication concept is similar to RADIUS. The NAS sends an authentication request to the TACACS server (daemon).
The SDI solution uses small physical devices called that provide users with an OTP that changes every 60 seconds. These OTPs are generated when a user enters a personal identification number and are synchronized with the server to provide the authentication service.
These attributes can contain information such as an IP address to assign the client and authorization information.
RADIUS servers combine authentication and authorization phases into a single request-and-response communication cycle.