ScreenOS Firewalls (NOT SRX)
Posts: 1
Registered: ‎10-04-2011

Having an issue with RSA SecurID Auth

I am trying to authenticate admin users using an RSA SecurID server. I have configured the server on the firewall itself, and configured teh login procedure to use the RSA server, however when I try to authenticate I get the error:


"Admin user User1 has been rejected via the SecurID server at" (User1 can authenticate to other things using our RSA server)


set auth-server "rsa" id 2
set auth-server "rsa" server-name "x.x.x.x"
set auth-server "rsa" account-type admin
set auth-server "rsa" type securid
set auth-server "rsa" securid encr 0

set auth-server "rsa" src-interface "vlan1" (this is a Layer 2 firewall set up, but I have also tried leaving src-interface blank)

set admin auth server "rsa"

set admin auth remote primary

set admin privilege read-write


This is a testing box, so my policies are ALLOW: ALL for all the zones.

Anyone run into this before?



Distinguished Expert
Posts: 826
Registered: ‎05-04-2008

Re: Having an issue with RSA SecurID Auth



It's been a while since I've configured RSA, but I recall needing a Host Agent which matches the IP of the ScreenOS box.  Has that been setup?

John Judge

If this solves your problem, please mark this post as "Accepted Solution". Kudos are appreciated.
Recognized Expert
Posts: 236
Registered: ‎02-03-2009

Re: Having an issue with RSA SecurID Auth

IIRC the bit means that the agent host is not setup on RSA and it may also mean that the node_secret is off.


Attached is a Word export of a write-up we have on our internal network wiki based on a project that we did with SSG, RSA, and Netscreen-Remote.


PDF export was doing some weird stuff to the formatting so I had to stick with MS Word



Copyright© 1999-2015 Juniper Networks, Inc. All rights reserved.