Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

How to configure a backup Cisco Secure Access Control Server (ACS) for Cisco VPN Clients on the PIX Firewall


You can configure the PIX Firewall with a backup ACS server for VPN Clients if the primary server goes down.

In order to accomplish this, complete these steps:
  1. Configure the primary ACS server with the host name and key.

  2. Configure the secondary ACS server with the host name and key.

  3. Bind the authentication server with crypto map.

  4. Use these commands in order to complete the configuration:

    aaa-server ACS-RADIUS (inside) host X.X.X.X (key)  timeout 5

    aaa-server ACS-RADIUS (inside) host Y.Y.Y.Y (key)  timeout 5

    crypto map vpnmap client authentication ACS-RADIUS LOCAL

Note: Within the crypto map, you can only enter one external authentication server group. The failover or backup authentication method can only be set to LOCAL. The second server in the list is only queried if the primary server is unresponsive. If the primary server is queried and issues a failed response, then the secondary server is not queried.

Version history
Revision #:
1 of 1
Last update:
‎06-22-2009 05:10 PM
Updated by:
Labels (1)