i think this question is too obvious for most of you, but here it goes...
We have defined a group that authenticates users in a external Radius with success...but now we need to add some internal users to have this same profile (maybe same group??) and authenticate , but internally..
Ismael, according to this document yes it is feasable to use internal user database for user authentication through its local database.. please refer to this doc.. you can have up to 100 groups or 100 users in the internal database but that does not exceed 100 in combination of both groups and users in vpn 3005/30015, the number for local database groups and users is 1000 for vpn3060 and 3080.
yes, it is feasible to use internal database, but..is it possible that a user called, let's say ciscouser, first try to authenticate against RADIUS, and if it fails there, try to authenticate as last resort in internal database???
It shouldn't because when you create a newvpn group,you will explicitely indicate in the new group configuration that the method of auth be internal but RADIUS,best is to create the new group, new user in internal database and test it.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...