SecurID: How to verify if TCP/UDP ports are allowed between a Linux machine and Authentication Manager.
Originally Published: 2020-05-14
Article Number
000058186
Applies To
RSA Product Set: RSA SecurID
RSA Product/Service Type: Authentication Manager
 
Issue

This article provides steps to test UDP/TCP connectivity between agents and RSA Authentication Manager.

This can help determine if the issue is on the RSA Authentication Manager side or on the agent side.

Resolution

The following scenario tests whether a connection is allowed between a Linux machine and Authentication Manager on UDP port 5500.

  1. SSH to, or directly access, a Linux machine that has the agent installed on it to start testing connectivity.
  2. Run the command echo "This is my data" > /dev/udp/<IP address>/<port> on the Linux machine. Be sure to change the IP address in the command to your RSA Authentication Manager IP address and change 5500 to the port being tested.

     echo "This is my data" > /dev/udp/<AM IP Address>/5500

  3. Launch an SSH client, such as PuTTY.
  4. Log in to the primary RSA Authentication Manager server as rsaadmin and enter the operating system password.

     During Quick Setup, another username may have been selected. Use that username to log in.

     login as: rsaadmin
     Using keyboard-interactive authentication.
     Password:<enter operating system password>
     Last login: Tue May 12 21:39:41 2020 from 192.168.231.1
     RSA Authentication Manager Installation Directory: /opt/rsa/am

  5. Elevate privileges to root to run tcpdump.

     rsaadmin@AM:~> sudo su -
     rsaadmin's password: <enter operating system password>

  6. On the RSA Authentication Manager side, capture all traffic arriving on port 5500 using the command tcpdump -i eth0 -n -vv -s 0 port 5500 and host <IP address>.
  7. After starting tcpdump with the correct IP address for the agent, run the echo command from step 2:

     AM:~ # tcpdump -i eth0 -n -vv -s 0 port 5500 and host <Linux Machine IP Address>
     tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
     17:01:25.296635 IP (tos 0x0, ttl 64, id 31186, offset 0, flags [DF], proto UDP (17), length 44) 
     192.168.231.192.41668 > 192.168.231.5.5500: [udp sum ok] UDP, length 16

This shows that the RSA Authentication Manager server received the UDP packets.

Notes

To test sending TCP packets, change udp in the echo command to tcp, as shown:

echo "This is my data" > /dev/tcp/192.168.231.5/5500
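
The UDP and TCP probes above, wrapped in one script for the agent machine. This is an added example, not part of the RSA article; the function names are hypothetical. It assumes bash (which provides the /dev/tcp and /dev/udp redirections; they are not real device files) and coreutils timeout are installed.

```shell
#!/bin/sh
# Added example, not RSA's code. Function names are hypothetical.
# Usage: sh portcheck.sh <AM IP address> <port>

# Accept only host-name/IP characters and a port in 1-65535, so the
# arguments cannot turn the /dev/tcp path into an ordinary file path.
valid_target() {
    case "$1" in ''|*[!A-Za-z0-9.:-]*) return 1 ;; esac
    case "$2" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#2}" -le 5 ] && [ "$2" -ge 1 ] && [ "$2" -le 65535 ]
}

# TCP: the handshake gives a local answer. Returns 0 only if the
# connect completed within 3 s; refused, dropped or timed out => 1.
probe_tcp() {
    valid_target "$1" "$2" || return 2
    timeout 3 bash -c 'exec 3<>"/dev/tcp/$1/$2"' _ "$1" "$2" 2>/dev/null \
        && return 0
    return 1
}

# UDP: connectionless, so status 0 only means the datagram left this
# host. Delivery still has to be confirmed with tcpdump on the
# Authentication Manager side, as in steps 6 and 7.
probe_udp() {
    valid_target "$1" "$2" || return 2
    bash -c 'echo "This is my data" >"/dev/udp/$1/$2"' _ "$1" "$2" 2>/dev/null
}

# Run both probes only when a host and a port are supplied.
if [ "$#" -eq 2 ]; then
    if probe_tcp "$1" "$2"; then
        echo "tcp/$2: connect succeeded"
    else
        echo "tcp/$2: refused, filtered or timed out"
    fi
    if probe_udp "$1" "$2"; then
        echo "udp/$2: datagram sent; confirm with tcpdump on the server"
    else
        echo "udp/$2: local send failed"
    fi
fi
```

A TCP failure here does not say where the packet was blocked; running the same tcpdump filter on Authentication Manager shows whether the connection attempt arrived at all.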