×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Can you have both AAA and Local User database for vpn anyconnect

Unanswered Question
Dec 30th, 2013
User Badges:

I have an ASA with 9.1.1 code using the corperate LDAP for authentacation, and it works great, but the customer also wants a few accounts with local login, In case the AD goes down.  I have never tried this, I have done one or the other.


Is this possible?


thanks,

chuck

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Marvin Rhoads Mon, 12/30/2013 - 19:49
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,
  • Cisco Designated VIP,

    2017 Firewalling, Network Management, VPN

Sure we do this all the time.


As Marcin notes, it is AD first and, as long as AD is available, one must use AD credentials. If (and only if) the AD-based authentication server is not available will the ASA fall back to the local authentication method.

Actions

This Discussion