Cisco Support Community
New Member

Can you have both AAA and Local User database for vpn anyconnect

I have an ASA with 9.1.1 code using the corporate LDAP for authentication, and it works great, but the customer also wants a few accounts with local login, in case the AD goes down. I have never tried this; I have done one or the other.

Is this possible?

thanks,

chuck

2 REPLIES
Cisco Employee

Chuck,

The authentication-server-group command allows the local DB to be used as a backup should the servers not be available.

http://www.cisco.com/en/US/docs/security/asa/command-reference/a3.html#wp1719328

M.

Hall of Fame Super Silver

Sure, we do this all the time.

As Marcin notes, it is AD first and, as long as AD is available, one must use AD credentials. If (and only if) the AD-based authentication server is not available will the ASA fall back to the local authentication method.
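The fallback described in the replies above, as an added configuration sketch (not posted by either participant and not taken from Cisco's documentation). The names LDAP_SRV, ANYCONNECT_TG and vpn-backup1 and the password are placeholders, and restricting the local account with `service-type remote-access` is an added hardening assumption so that the backup VPN accounts cannot be used to administer the ASA.

```cisco
! Constructed example; LDAP_SRV, ANYCONNECT_TG and vpn-backup1 are placeholder names.
! Existing LDAP server group (per-host LDAP settings omitted).
aaa-server LDAP_SRV protocol ldap
!
! Local account kept for use when the LDAP servers are unreachable.
username vpn-backup1 password <strong-password>
username vpn-backup1 attributes
 ! Limit the account to remote-access (VPN) sessions, no device administration.
 service-type remote-access
!
tunnel-group ANYCONNECT_TG general-attributes
 ! LDAP_SRV is tried first; LOCAL is used only if no server in the group responds.
 authentication-server-group LDAP_SRV LOCAL
```

Because LOCAL is consulted only when the server group is unreachable, a reject from AD does not fall through to the local database, so the local accounts cannot be used to bypass a disabled or locked AD account while AD is up.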
