03-31-2006 09:37 AM - edited 03-10-2019 02:31 PM
Hi everybody,
Does anyone know if ASA supports simultaneous authentication more than 1 AAA server? I've created LDAP and SecurID token account for every users and want them provide both account information for logging in to WebVPN.
Please advice.
Thanks for advance,
Nitass
04-06-2006 12:11 PM
If you are aaa server you are referring to is "radius server", then you can try out the following commands.
In ASDM you would simply add the said RADIUS servers to the "server group"
If you wish to do this through CLI, you would define a group eg
aaa-server radius protocol radius
aaa-server radius host x.x.x.x
aaa-server radius host y.y.y.y
aaa-server radius host z.z.z.z
and you would then call this in the said tunnel-group :
tunnel-group opsource type ipsec-ra
tunnel-group opsource general-attributes
address-pool admin_ra
authentication-server-group radius LOCAL
default-group-policy opsource
04-06-2006 02:52 PM
Thanks for reply. As you configured, which radius server does ASA authenticate to when WebVPN users try to login?
I want the ASA authenticate to more than 1 AAA server e.g. host x.x.x.x and y.y.y.y that they have different credential information in the same time. That means WebVPN user has to fill 4 credentials information e.g. host x user and password, host y user and password in the login page. Is it possible?
Please advice.
Thanks,
Nitass
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: