Basic query on backup servers list for RA VPN servers.
with the command: backup-servers <server list/keep-client-config> options..
Lets say if I have the ASA to push backup servers to RA client when connects. What happens second time when the cleint tries to connect and primary server is not available..? Does the client tries to look for backup server IP pushed during the first time or the backup server list will be pushed everytime client tries to connect..?
In general what is recomended..? Any security related issues if we roll the clients with backup server and on primary use 'Keep-client-config'
Re: Query on Backup server listing for RA VPN servers
To configure backup servers, use the backup-servers command in group-policy configuration mode. To remove a backup server, use the no form of this command. To remove the backup-servers attribute from the running configuration, use the no form of this command without arguments. This enables inheritance of a value for backup-servers from another group policy.IPSec backup servers let a VPN client connect to the central site when the primary security appliance is unavailable. When you configure backup servers, the security appliance pushes the server list to the client as the IPSec tunnel is established.
keep-client-config - Specifies that the security appliance sends no backup server information to the client. The client uses its own backup server list, if configured.
Show Name: Thoughts on Security at Cisco Live US 2018 in Orlando
Contributors: Kevin Klous, David White Jr., Aaron Woland, Jeff Fanelli
Posting Date: June 2018
Description: The team goes on-site in the Cisco Live Speaker room in...
RADIUS and Symantec VIP.
I will use screenshots of ASDM, and at the end I will add the required CLI commands. the diagram below show a diagram of the steps the FW goes through when using 2FA authentication:
As you can see in Fig. 1&nbs...