Cisco Support Community
New Member

multiple RADIUS authentication servers

I have a PIX 515 (6.1(2)) that accepts VPN connections. I'm currently using an internal RADIUS server (NT4.0 IAS) for authentication, and that works very well. However, I need to be able to authenticate to 2 different RADIUS servers (in 2 different NT4.0 domains) on a per-user basis.

My current working, single-domain config looks similar to this:

    aaa-server RADIUS protocol radius
    aaa-server partnerauth protocol radius
    aaa-server partnerauth (inside) host x.x.x.1 password1 timeout 5

I've tried the following, but of course the second RADIUS server is only queried if the first one fails to answer, not in the event of a failed authentication:

    aaa-server RADIUS protocol radius
    aaa-server partnerauth protocol radius
    aaa-server partnerauth (inside) host x.x.x.1 password1 timeout 5
    aaa-server partnerauth (inside) host x.x.x.2 password2 timeout 5

Can this be accomplished inside the PIX itself, or do I need to set up a proxy RADIUS server to handle it?

Thanks in advance!

1 REPLY
Cisco Employee

Re: multiple RADIUS authentication servers

You can't do this on the PIX itself; it will only go to the second or subsequent servers if the first server is not available.
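
The difference the reply describes, as an added example that is not part of the original thread: a small Python model in which a server that answers with Access-Reject ends the search, and only an unanswered query moves on to the next host. `FakeServer`, `failover_auth`, `proxy_auth`, the `user@realm` naming and the sample accounts are assumptions made for illustration; `proxy_auth` sketches the per-user routing the question asks about.

```python
# Added illustration: models the failover rule described in the reply and the
# per-user routing a proxy RADIUS server would do. All names and data are
# constructed; this does not talk to a real RADIUS server.

ACCESS_ACCEPT, ACCESS_REJECT = 2, 3   # RADIUS packet codes (RFC 2865)


class FakeServer:
    """Stand-in for one RADIUS server holding one domain's accounts."""

    def __init__(self, name, accounts, up=True):
        self.name, self.accounts, self.up = name, accounts, up

    def query(self, user, password):
        if not self.up:
            return None                       # no answer: client times out
        ok = self.accounts.get(user) == password
        return ACCESS_ACCEPT if ok else ACCESS_REJECT


def failover_auth(servers, user, password):
    """Behaviour from the reply: the next server is tried only when the
    current one does not answer. A reject is an answer and ends the search."""
    for srv in servers:
        code = srv.query(user, password)
        if code is not None:
            return srv.name, code
    return None, None                         # every server timed out


def proxy_auth(realms, user, password):
    """Hypothetical proxy: pick the home server from a 'user@realm' suffix,
    so each user is checked against exactly one domain."""
    name, _, realm = user.partition("@")
    srv = realms.get(realm)
    if srv is None:
        return None, ACCESS_REJECT            # unknown realm: refuse
    return srv.name, srv.query(name, password)


# Constructed sample data: two domains, one account each.
dom_a = FakeServer("x.x.x.1", {"alice": "pw-a"})
dom_b = FakeServer("x.x.x.2", {"bob": "pw-b"})

if __name__ == "__main__":
    print(failover_auth([dom_a, dom_b], "bob", "pw-b"))   # rejected by x.x.x.1
    print(proxy_auth({"a": dom_a, "b": dom_b}, "bob@b", "pw-b"))
```

In the model, a user from the second domain is rejected by the first server under the failover rule, and is accepted only when the first server is down or when the proxy routes the request by realm.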
