crypto map vpnmap client authentication ACS-RADIUS LOCAL
Note: Within the crypto map, you can only enter one external authentication server group. The failover or backup authentication method can only be set to LOCAL. The second server in the list is only queried if the primary server is unresponsive. If the primary server is queried and issues a failed response, then the secondary server is not queried.