i have a PIX 515 (6.1(2)) that accepts VPN connections. i'm currently using an internal RADIUS server (NT4.0 IAS) for authentication, and that works very well. however, i need to be able to authenticate to 2 different RADIUS servers (in 2 different NT4.0 domains) on a per-user basis.
my current working, single domain config looks similar to this:
aaa-server RADIUS protocol radius
aaa-server partnerauth protocol radius
aaa-server partnerauth (inside) host x.x.x.1 password1 timeout 5
i've tried the following, but of course the second radius server is only queried if the first one fails to answer, not in the event of a failed authentication:
aaa-server RADIUS protocol radius
aaa-server partnerauth protocol radius
aaa-server partnerauth (inside) host x.x.x.1 password1 timeout 5
aaa-server partnerauth (inside) host x.x.x.2 password2 timeout 5
can this be accomplished inside the pix itself, or do i need to set up a proxy radius server to handle it?
thanks in advance!
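The failover behaviour described in the post, next to a realm-routing proxy of the kind the question asks about, as an added example that is not part of the original post. It is a toy model in Python, not PIX or IAS code; the server names, users, passwords and the `user@realm` convention are assumptions made for illustration.

```python
# Added illustration; server names, users, passwords and realms are constructed.
ACCEPT, REJECT, TIMEOUT = "accept", "reject", "timeout"


class RadiusServer:
    """Toy stand-in for one RADIUS server backed by one NT domain."""

    def __init__(self, name, users, up=True):
        self.name, self.users, self.up = name, users, up

    def authenticate(self, user, password):
        if not self.up:
            return TIMEOUT  # server never answers
        return ACCEPT if self.users.get(user) == password else REJECT


def server_group_auth(servers, user, password):
    """Failover as the post describes it: the next host is tried only when
    the current one does not answer; an explicit reject is final."""
    for srv in servers:
        result = srv.authenticate(user, password)
        if result != TIMEOUT:
            return result, srv.name
    return TIMEOUT, None


def realm_proxy_auth(realms, default, user, password):
    """Hypothetical proxy: send 'user@realm' to that realm's server only.
    No realm -> default server; unknown realm -> reject without forwarding."""
    name, sep, realm = user.partition("@")
    srv = realms.get(realm.lower()) if sep else default
    if srv is None:
        return REJECT, None
    return srv.authenticate(name, password), srv.name


def demo():
    a = RadiusServer("radius-a", {"alice": "pw-a"})
    b = RadiusServer("radius-b", {"bob": "pw-b"})
    realms = {"doma": a, "domb": b}
    return {
        "group_bob": server_group_auth([a, b], "bob", "pw-b"),
        "proxy_bob": realm_proxy_auth(realms, a, "bob@domb", "pw-b"),
        "proxy_unknown": realm_proxy_auth(realms, a, "bob@other", "pw-b"),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, outcome)
```

Routing on the realm sends each attempt to exactly one domain, so a wrong password is counted by that domain's lockout policy alone.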