More than 1 AAA server for logging in to WebVPN

Mar 31st, 2006
Hi everybody,


Does anyone know if the ASA supports simultaneous authentication against more than 1 AAA server? I've created LDAP and SecurID token accounts for every user and want them to provide both accounts' information for logging in to WebVPN.


Please advise.

Thanks in advance,

Nitass

sbilgi Thu, 04/06/2006 - 12:11

If the AAA server you are referring to is a "RADIUS server", then you can try out the following commands.

In ASDM you would simply add the said RADIUS servers to the "server group".

If you wish to do this through the CLI, you would define a group, e.g.


    aaa-server radius protocol radius
    aaa-server radius host x.x.x.x
    aaa-server radius host y.y.y.y
    aaa-server radius host z.z.z.z

and you would then call this in the said tunnel-group:

    tunnel-group opsource type ipsec-ra
    tunnel-group opsource general-attributes
     address-pool admin_ra
     authentication-server-group radius LOCAL
     default-group-policy opsource



nitass Thu, 04/06/2006 - 14:52
Thanks for the reply. As you configured it, which RADIUS server does the ASA authenticate to when WebVPN users try to log in?

I want the ASA to authenticate to more than 1 AAA server at the same time, e.g. host x.x.x.x and y.y.y.y, which hold different credential information. That means a WebVPN user has to fill in 4 pieces of credential information on the login page, e.g. host x user and password, host y user and password. Is it possible?

Please advise.


Thanks,

Nitass
