WebVPN on ASA 5505. How to use both Radius and local authentication

Unanswered Question
May 29th, 2007
User Badges:

Hello,


WebVPN with radius (MS IAS) authentication works perfectly, alone. It's the same for local authentication.


But i can't use both authentication method.


Here is my authentication configuration:


tunnel-group DefaultWEBVPNGroup general-attributes

address-pool POOL_SSL

authentication-server-group AUTH-RADIUS LOCAL

accounting-server-group AUTH-RADIUS


But that doesn't seem to work.


In fact, i would like that my "own" users can log on Active Directory (with Radius authentication) and that my partners log on with the local database.



Somebody can help me ?


Thanks.


Julien

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (2 ratings)
Loading.
ggilbert Tue, 05/29/2007 - 12:00
User Badges:
  • Cisco Employee,

Julien,


This cant be done. User authentication to your local database will happen only if your RADIUS server not available.


What you are trying to do, will not work.


Sorry to give you the bad news.


Cheers

Gilbert

jbillochon Tue, 05/29/2007 - 23:11
User Badges:

Hello,


Gilbert, Thanks for the reply.


I was afraid about this type of answer...But not very surprise.


So, Maybe it's possible to use 2 tunnelgroup policy ? One using Radius authentication and the other Local authentication ?


If it's not possible, i dont' t understand why it's possible to create many WebVPN tunnel group (at least 2 !) without being able to use it ?


Any idea ?


Thanks.


Julien


jbillochon Tue, 05/29/2007 - 23:39
User Badges:

Hello again,


I've found a solution.


I create a second tunnelgroup call "partners", use local database authentication et create an alias like.


https://vpn.mycompany.com/partners


That works perfectly !!


Thanks for your help.


Julien

Actions

This Discussion