vpn 3000 radius + internal database

Unanswered Question
Dec 6th, 2007

Hello,

i think this question is too obvious for most of you, but here it goes...

We have defined a group that authenticates users in a external Radius with success...but now we need to add some internal users to have this same profile (maybe same group??) and authenticate , but internally..

is that possible???

thank you in advance,

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
JORGE RODRIGUEZ Thu, 12/06/2007 - 14:28

Ismael, according to this document yes it is feasable to use internal user database for user authentication through its local database.. please refer to this doc.. you can have up to 100 groups or 100 users in the internal database but that does not exceed 100 in combination of both groups and users in vpn 3005/30015, the number for local database groups and users is 1000 for vpn3060 and 3080.

Basic configuration

http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_getting_started_guide_chapter09186a008015cfd5.html

FAQ

http://www.cisco.com/en/US/products/hw/vpndevc/ps2284/products_qanda_item09186a0080094cf4.shtml

HTH

Jorge

pls rate any helpful post if it helps!

imagadan Fri, 12/07/2007 - 01:37

yes, it is feasible to use internal database, but..is it possible that a user called, let's say ciscouser, first try to authenticate against RADIUS, and if it fails there, try to authenticate as last resort in internal database???

thank you..

JORGE RODRIGUEZ Fri, 12/07/2007 - 10:36

It shouldn't because when you create a newvpn group,you will explicitely indicate in the new group configuration that the method of auth be internal but RADIUS,best is to create the new group, new user in internal database and test it.

HTH

Jorge

Actions

This Discussion