Technical Note: Not Prompting for Credentials When Connecting to ASA with Failed Authentication Message
Description
Solution
Not Prompting for Credentials When Connecting to ASA with Failed Authentication Message
Solution
Issue: User is not prompted to enter credentials (e.g. PVN and serial number) when connecting to VPN using 2Factor authentication.
2Factor server sends an Access Reject to Network Sentry. 2Factor server log displays "Failed authentication for <userid>. Invalid response to a challenge."
Network Sentry, in turn, responds to ASA with an Access Reject. The ASA logs a message stating the AAA authentication server is not available.
Solution: Ensure the following use the exact same pre-shared key:
Network Sentry ASA model config
ASA
Network Sentry 2Factor Server model config
2Factor Server
2Factor server sends an Access Reject to Network Sentry. 2Factor server log displays "Failed authentication for <userid>. Invalid response to a challenge."
Network Sentry, in turn, responds to ASA with an Access Reject. The ASA logs a message stating the AAA authentication server is not available.
Solution: Ensure the following use the exact same pre-shared key:
Network Sentry ASA model config
ASA
Network Sentry 2Factor Server model config
2Factor Server