WebVPN on ASA 5505. How to use both Radius and local authentication

Unanswered Question
May 29th, 2007


WebVPN with radius (MS IAS) authentication works perfectly, alone. It's the same for local authentication.

But i can't use both authentication method.

Here is my authentication configuration:

tunnel-group DefaultWEBVPNGroup general-attributes

address-pool POOL_SSL

authentication-server-group AUTH-RADIUS LOCAL

accounting-server-group AUTH-RADIUS

But that doesn't seem to work.

In fact, i would like that my "own" users can log on Active Directory (with Radius authentication) and that my partners log on with the local database.

Somebody can help me ?



I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (2 ratings)
ggilbert Tue, 05/29/2007 - 12:00


This cant be done. User authentication to your local database will happen only if your RADIUS server not available.

What you are trying to do, will not work.

Sorry to give you the bad news.



jbillochon Tue, 05/29/2007 - 23:11


Gilbert, Thanks for the reply.

I was afraid about this type of answer...But not very surprise.

So, Maybe it's possible to use 2 tunnelgroup policy ? One using Radius authentication and the other Local authentication ?

If it's not possible, i dont' t understand why it's possible to create many WebVPN tunnel group (at least 2 !) without being able to use it ?

Any idea ?




This Discussion