Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

VPN 3005 - using both Internal and RADIUS auth servers

Hi everyone,

I've been using the 'Internal' authentication server up to this point, creating accounts on the 3005 for each user.

I'm now looking to start using RADIUS, since I have a domain controller running IAS.

I configured everything as per the Cisco doc I found, and was able to use the RADIUS server for authentication successfully.

Here's the problem I'm having:

Under 'Configuration - System - Servers - Authentication', I have my Internal server, and my RADIUS server.

When I move the 'RADIUS' server above the 'Internal' server, I can login using RADIUS, but none of the 'internal' accounts I have created can login.

When I move the 'Internal' server above the 'RADIUS' server, my internal accounts can login, but my RADIUS account cannot.

I was really hoping that I could have the two co-exist and move people from Internal to RADIUS in phases. I'm sure this must be possible.

Do I need to assign the 'Internal' server to the base group in the 'Groups' page?

Note that most users are using PPTP, but some are using IPSec.

Thanks in advance for suggestions!

Dan

1 REPLY
New Member

Re: VPN 3005 - using both Internal and RADIUS auth servers

For migration create two different groups. One for internal auth, another for external. Instruct users to chenge group name (for example sales -> sales_new). You can leave group password the same.

I'm not sure my solution is the best. Applying knowledge from IOS AAA router only check for nex auth database if previos check return error (but not AUTH_FAIL)

213
Views
0
Helpful
1
Replies
CreatePlease to create content