https://community.cisco.com/t5/network-security/vpn-authentication/m-p/1338424#M969929 <P>one of our clients has an ssl vpn setup of firewall -- ACS -- Domain database.</P><P>There is a requirement that we have a fallback for authentication to vpn in case domain database is unavailable/fails.</P><P>i.e. if this happens, ACS checks the domain &amp; if it is not available, goes in for local database authentication.</P><P>But in no way they want the local usernames on the firewall. the acs has to do the job. </P><P>Is this possible.Please advise.</P><P>Thanks!</P> Fri, 21 Feb 2020 11:46:12 GMT suthomas1 2020-02-21T11:46:12Z https://community.cisco.com/t5/network-security/vpn-authentication/m-p/1338424#M969929 <P>one of our clients has an ssl vpn setup of firewall -- ACS -- Domain database.</P><P>There is a requirement that we have a fallback for authentication to vpn in case domain database is unavailable/fails.</P><P>i.e. if this happens, ACS checks the domain &amp; if it is not available, goes in for local database authentication.</P><P>But in no way they want the local usernames on the firewall. the acs has to do the job. </P><P>Is this possible.Please advise.</P><P>Thanks!</P> Fri, 21 Feb 2020 11:46:12 GMT https://community.cisco.com/t5/network-security/vpn-authentication/m-p/1338424#M969929 suthomas1 2020-02-21T11:46:12Z https://community.cisco.com/t5/network-security/vpn-authentication/m-p/1338425#M969930 <HTML><HEAD></HEAD><BODY><P>Did you have a look at Dynamic Access Polices (DAP) in Cisco ASA? They might help you in this regard</P><P></P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/products/ps6120/products_white_paper09186a00809fcf38.shtml">http://www.cisco.com/en/US/products/ps6120/products_white_paper09186a00809fcf38.shtml</A></P><P></P><P>Regards</P><P></P><P>Farrukh</P></BODY></HTML> Mon, 23 Nov 2009 07:40:11 GMT https://community.cisco.com/t5/network-security/vpn-authentication/m-p/1338425#M969930 Farrukh Haroon 2009-11-23T07:40:11Z