Base group IPSEC tab has authentication set to "Internal." RemoteAccess group IPSEC tab has authentication set to "RADIUS with Expiry." WebVPN group IPSEC tab has authentication set to "Internal."
Configuration/System/Servers/Authentication has two entries: RADIUS server first, internal second. I need internal to be first because I have my WebVPN users configured on the internal database. However, if RADIUS server is not first, RemoteAccess group users fail to authenticate.
I tried configuring the RADIUS server on the Authentication servers button for the RemoteAccess group in Configuration/User Management/Groups, but get the same result.
Basically, my question is: how can I authenticate IPSEC remote access VPN users with RADIUS and WebVPN users with internal database?