ScreenOS Firewalls (NOT SRX)

Having an issue with RSA SecurID Auth

‎10-04-2011 09:57 AM

I am trying to authenticate admin users using an RSA SecurID server. I have configured the server on the firewall itself, and configured the login procedure to use the RSA server; however, when I try to authenticate I get the error:


"Admin user User1 has been rejected via the SecurID server at" (User1 can authenticate to other things using our RSA server)


set auth-server "rsa" id 2
set auth-server "rsa" server-name "x.x.x.x"
set auth-server "rsa" account-type admin
set auth-server "rsa" type securid
set auth-server "rsa" securid encr 0

set auth-server "rsa" src-interface "vlan1" (this is a Layer 2 firewall setup, but I have also tried leaving src-interface blank)

set admin auth server "rsa"

set admin auth remote primary

set admin privilege read-write


This is a testing box, so my policies are ALLOW: ALL for all the zones.

Anyone run into this before?




Re: Having an issue with RSA SecurID Auth

‎10-04-2011 08:43 PM



It's been a while since I've configured RSA, but I recall needing a Host Agent which matches the IP of the ScreenOS box. Has that been set up?

John Judge

If this solves your problem, please mark this post as "Accepted Solution". Kudos are appreciated.

Re: Having an issue with RSA SecurID Auth

‎10-10-2011 04:43 PM

IIRC, the bit means that the agent host is not set up on RSA, and it may also mean that the node_secret is off.


Attached is a Word export of a write-up we have on our internal network wiki based on a project that we did with SSG, RSA, and Netscreen-Remote.


PDF export was doing some weird stuff to the formatting, so I had to stick with MS Word.