RSA Authentication Manager Issue – Node secret mismatch
Follow these instructions if you get the following error messages in your Authentication Monitor:
“Node secret mismatch: cleared on server but not on agent”
“Node secret mismatch: agent and server using different node secrets”
1. Open the Security Operations Console and check the real-time authentication monitor. You will find it in the RSA Security Console under the Reporting menu item.
Reporting –> Real-time activity monitors –> Authentication activity monitor
2. Clear the node secret on your RSA server and on your Cisco ASA. The node secret is stored on the ASA's flash drive. It should have a name like 192-168-250-100.sdi
You can clear the ASA's node secret in Access –> Authentication Agents –> Manage Existing. Click on the ASA to open the drop-down menu and choose Manage Node Secret. Check the box “Clear the node secret” and save your settings.
During the first authentication the RSA server and the ASA will negotiate a new node secret. Make sure that the time is in sync on the RSA server and the client before establishing a connection.
3. Now it should be fine. Sometimes you have to repeat step 2. I had to delete the secret 4 times before the authentication worked correctly.
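The ASA side of step 2 as it would be typed at the ASA CLI in privileged EXEC mode, added here as an example and not part of the original post. The file name is the one given above; the server group name RSA-GROUP, the server address 192.168.250.100 (inferred from the file name), the user name and the passcode are assumed placeholders.

```cisco
! List the node secret files on flash (one <server-ip-with-dashes>.sdi per RSA server)
show flash: | include sdi

! Delete the stale node secret; the ASA prompts for confirmation
delete flash:/192-168-250-100.sdi

! Confirm the file is gone before testing
show flash: | include sdi

! Check that the ASA clock is correct and, if NTP is configured, synchronized
show clock
show ntp status

! Trigger the first authentication so a new node secret is negotiated.
! RSA-GROUP, testuser and <passcode> are placeholders for your own values.
test aaa-server authentication RSA-GROUP host 192.168.250.100 username testuser password <passcode>

! A new .sdi file should now exist on flash
show flash: | include sdi
```

If the test still fails with a mismatch message, clear the node secret on the RSA server again before repeating the delete on the ASA, so both sides start without a secret.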