"Invalid authentication handle" reported by the Cisco AnyConnect client when using RSA SecurID Access Cloud Authentication Service RADIUS
Originally Published: 2017-09-19
Article Number
Applies To
RSA Product/Service Type: Identity Router
Issue
It is essentially a timeout error. It means that the RADIUS authentication response was not received by Cisco ASA before the configured or default authentication timeout set in that product
Cause
- The time taken to authenticate is genuinely longer than the timeout configured for Cisco, or
- The authentication response was not delivered to Cisco for some reason
Resolution
- Cisco AnyConnect - RSA SecurID Access Implementation Guide
- Cisco ASA 9.5.2 - RSA SecurID Access Implementation Guide
<ServerList> <HostEntry> <HostName>label for UI</HostName> <HostAddress>hostname or IP address of the ASA</HostAddress> </HostEntry> </ServerList>
If ServerList HostEntry is not configured, then a 12 second timeout will be used by Cisco no matter what the actual timeout value is set to.
Related Articles
Cisco AnyConnect sends multiple authentication requests to RSA Authentication Manager 8.4 Number of Views Radius Client Authentication failed For PIN+Token profile (New PIN Mode) with Cisco Anyconnect VPN Number of Views AnyConnect Configuration - Cisco ASA RSA Ready SecurID Access Implementation Guide Number of Views RSA SecurID Access Free Trial Cisco AnyConnect Guide Number of Views Cisco ASA - RSASecurID Access Implementation Guide Number of Views
Trending Articles
RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide RSA Authentication Manager 8.7 SP2 Setup and Configuration Guide How to Download OTP Token Seed Files from myRSA How to factory reset an RSA Authentication Manager 8.x hardware appliance without a factory reset button from the Operatio… RSA MFA Agent 2.5 for Microsoft Windows Installation and Administration Guide
Don't see what you're looking for?
