This document will help you troubleshoot common problems with SecureAuth Radius.
Verify the ASA interface IP which speaks to SecureAuth is allowed on the Radius clients list
For SecureAuth to trust the Cisco device it must have the IP Address of the interface that connects to the Radius service. To verify this, RDP into SecureAuth and open up Internet Explorer and type in this URL
Verify The Secret Key Matches On SecureAuth and the Radius Client
If this does not match on both ends you will likely get a error stating the OTP is wrong even though you put the right code in.
Verify Windows Firewall Is Not Blocking UDP Port 1812 ( by default)
SecureAuth Radius uses UDP port 1812 by default for authentication, if this port is blocked either by the Windows Firewall or a hardware firewall or router then authentication to SecureAuth will time out and prevent users authenticating.