Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Backup RADIUS server

Hello,

Does anyone know whether you can configure a PIX to use an alternate RADIUS server if the primary one is not responding? For example, one of our customers authenticates their VPN clients using a RADIUS server with the PIX command:

aaa-server ISA-SERVER (inside) host 10.222.180.10 b1bbyrad1u5 timeout 10

If this RADIUS server fails (as it did recently) can the PIX use another backup radius server?

1 ACCEPTED SOLUTION

Accepted Solutions
New Member

Re: Backup RADIUS server

Hai David,

The first server in the config wil be attempt to reach. If this one is not reacting (no connection can be made) than after the timeout the second server will be connected.

Greetings,

Rene

4 REPLIES
New Member

Re: Backup RADIUS server

Yes you can,

You can always configure more than one radius server. So use the same command but with an other ip address.

If the primary fails (no connection could be made) the pix will send the aurthentication to the next server in the configuration.

New Member

Re: Backup RADIUS server

Thanks very much for that. Can you clarify this though: Which server will the PIX try first? Will it be the first server in the config?

Thanks

David

New Member

Re: Backup RADIUS server

Hai David,

The first server in the config wil be attempt to reach. If this one is not reacting (no connection can be made) than after the timeout the second server will be connected.

Greetings,

Rene

New Member

Re: Backup RADIUS server

Hi, apologies for hijacking this thread but can CPVN clients access different Radius servers, the line

crypto map newmap client authentication (server tag)

can only point to one server and cna not be changed

Any help appreciated

Regards Tony

240
Views
0
Helpful
4
Replies
CreatePlease to create content