New Member

WebVPN - ASA 7.2 - Tunnel Group - Two authentication method

Hi,

I'm using an ASA5520 for WebVPN and AAA authentication. AAA authentication is set on the default tunnel group. I have created a new tunnel group with local authentication.

At user level, I check "tunnel group lock" and choose the new tunnel group.

When I try to connect, the local password is denied but the AAA password is OK.

Has somebody already done this kind of conf? Is it possible to do this?

I didn't see in the Cisco documentation that it is not possible ....

Thanks

Olivier

3 REPLIES
Silver

Re: WebVPN - ASA 7.2 - Tunnel Group - Two authentication method

I think it's possible to authenticate with the local username and password, but it depends on the tunnel group name and preshared key used in the WEB VPN Client.

New Member

Re: WebVPN - ASA 7.2 - Tunnel Group - Two authentication method

I succeeded in authenticating users with the local database OR the Radius database. But I need to authenticate some users with local authentication and others with Radius authentication in WebVPN mode.

I created two tunnel group policies and performed group lock at the user's definition but it did not work. I was always challenged by the default policy.

OB1

Cisco Employee

Re: WebVPN - ASA 7.2 - Tunnel Group - Two authentication method

Hi,

For Group Lock to work, you need an external Radius server.

The Radius "Class" attribute 25 should have a field as "OU = groupname ".

This is how Group Lock is supposed to work. It doesn't work with Local AAA Authentication.

It will always default to Default Group Policy.

*Please rate if helped.

-Kanishka
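
To check the point made in the reply above, this added example (not part of the original thread, and not Cisco's code) reads RADIUS user entries and reports which users carry an `OU` field in their Class (attribute 25) reply and which do not, the latter being the users the reply says end up on the default group policy. It assumes a FreeRADIUS-style `users` file layout, which the thread does not mention; the user names, group names and sample entries are constructed.

```python
import re

# Constructed sample in FreeRADIUS "users" file layout (an assumption; the
# thread does not say which RADIUS server is used). Names are hypothetical.
SAMPLE_USERS = '''\
alice  Cleartext-Password := "example-only"
       Service-Type = Framed-User,
       Class = "OU = partners "

bob    Cleartext-Password := "example-only"
       Class = "OU=staff;"

carol  Cleartext-Password := "example-only"
       Service-Type = Framed-User
'''

# OU field inside a Class reply value, tolerating the spacing shown in the
# thread ("OU = groupname ") and an optional trailing ';'.
OU_FIELD = re.compile(r'\bOU\s*=\s*([^;"]+?)\s*(?:;|$)', re.IGNORECASE)
# One indented reply item: Attribute = "value" with optional trailing comma.
REPLY_ITEM = re.compile(r'^\s+([\w-]+)\s*:?=\s*"?(.*?)"?\s*,?\s*$')

def class_groups(users_text):
    """Return {username: group named in the Class OU field, or None}."""
    result, current = {}, None
    for line in users_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():      # entry header: username + check items
            current = line.split()[0]
            result[current] = None
            continue
        m = REPLY_ITEM.match(line)
        if current and m and m.group(1).lower() == "class":
            ou = OU_FIELD.search(m.group(2))
            if ou:
                result[current] = ou.group(1).strip()
    return result

def unlocked_users(users_text):
    """Users whose reply has no Class OU field (no group lock value sent)."""
    return sorted(u for u, g in class_groups(users_text).items() if g is None)

if __name__ == "__main__":
    for user, group in class_groups(SAMPLE_USERS).items():
        print(f"{user:8} -> {group or 'no Class OU (default group policy)'}")
```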
