
multiple RADIUS authentication servers

tstout
Level 1

I have a PIX 515 (6.1(2)) that accepts VPN connections. I'm currently using an internal RADIUS server (NT4.0 IAS) for authentication, and that works very well. However, I need to be able to authenticate to 2 different RADIUS servers (in 2 different NT4.0 domains) on a per-user basis.

My current working, single-domain config looks similar to this:

aaa-server RADIUS protocol radius

aaa-server partnerauth protocol radius

aaa-server partnerauth (inside) host x.x.x.1 password1 timeout 5

I've tried the following, but of course the second RADIUS server is only queried if the first one fails to answer, not in the event of a failed authentication:

aaa-server RADIUS protocol radius

aaa-server partnerauth protocol radius

aaa-server partnerauth (inside) host x.x.x.1 password1 timeout 5

aaa-server partnerauth (inside) host x.x.x.2 password2 timeout 5

Can this be accomplished inside the PIX itself, or do I need to set up a proxy RADIUS server to handle it?

Thanks in advance!

1 Reply

gfullage
Cisco Employee

You can't do this on the PIX itself; it will only go to the second or subsequent servers if the first server is not available.
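
Added example, not part of the original thread and not Cisco or Microsoft code: a small Python model of the difference discussed above between a server group that only fails over when a server does not answer and a proxy that chooses the server per user. The `user@realm` naming convention, the `RadiusServer` class, the user names and the passwords are all constructed assumptions; no RADIUS traffic is sent.

```python
# Added illustration: models AAA server-group failover vs. realm-based proxying.
# All names, users and passwords below are constructed for the example.

REJECT, ACCEPT, TIMEOUT = "Access-Reject", "Access-Accept", None


class RadiusServer:
    """Stand-in for one domain's RADIUS server (e.g. IAS); no network I/O."""

    def __init__(self, name, users, up=True):
        self.name, self.users, self.up = name, users, up

    def authenticate(self, user, password):
        if not self.up:
            return TIMEOUT                      # no answer at all
        return ACCEPT if self.users.get(user) == password else REJECT


def failover_group(servers, user, password):
    """Behaviour described in the reply: the next server is tried only
    when the current one does not answer. A reject is a final answer."""
    for server in servers:
        reply = server.authenticate(user, password)
        if reply is not TIMEOUT:
            return reply, server.name
    return TIMEOUT, None


def realm_proxy(routes, user, password):
    """Hypothetical proxy: picks the server from the realm in 'user@realm'
    (an assumed naming convention) and forwards the bare user name."""
    name, _, realm = user.partition("@")
    server = routes.get(realm.lower())
    if server is None:
        return REJECT, None                     # unknown realm: fail closed
    return server.authenticate(name, password), server.name


# Constructed sample data: two domains with disjoint user sets.
dom1 = RadiusServer("x.x.x.1", {"alice": "pw-a"})
dom2 = RadiusServer("x.x.x.2", {"bob": "pw-b"})
ROUTES = {"dom1": dom1, "dom2": dom2}

if __name__ == "__main__":
    print(failover_group([dom1, dom2], "bob", "pw-b"))   # rejected by x.x.x.1
    print(realm_proxy(ROUTES, "bob@dom2", "pw-b"))       # accepted by x.x.x.2
```

In the failover model a user who exists only in the second domain is rejected by the first server and the second is never asked; the second server is reached only when the first is down.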