Solved: Re: Cisco ISE - VPN users authenticated with Secondary PSN

aslam.bajwa · ‎01-28-2019

Hi All ,

I have cisco ISE 2.2 Distributed deployment with Failover .

my Mobile VPN users are getting connected with Secondary PSN instead Primary PSN.

now i want to know where is time-out configured ? in which if primary radius is not responding then VPN users authenticating by Secondary PSN (Secondary Radius ) .

Regards ,

Sheraz.Salim · ‎01-28-2019

@Mohammed al Baqariwith respect the command is

show aaa-server

also this command can be used show run all aaa-server

please do not forget to rate.

View solution in original post

Sheraz.Salim · ‎01-28-2019

if you on ASA box.

aaa-server my-radius-group protocol radius
aaa-server my-radius-group host 1.2.3.4
timeout 3
key “password”
authentication-port 1812
accounting-port 1813

please do not forget to rate.

aslam.bajwa · ‎01-28-2019

Hi SHeraz ,
Thank you very much for your reply ,
timeout 3 is 3 min ?
this change will effect any thing els also ?

Regards

Sheraz.Salim · ‎01-28-2019

The range is from 1 to 60 seconds

https://www.cisco.com/c/m/en_us/techdoc/dc/reference/cli/n5k/commands/radius-server-timeout.html

https://www.cisco.com/c/en/us/td/docs/security/asa/asa96/configuration/general/asa-96-general-config/aaa-radius.pdf

it will only impact the aaa-server.

please do not forget to rate.

Mohammed al Baqari · ‎01-28-2019

This is configured in ASA. If you check show aaa severs in ASA you will see
that status of your radius servers (live/dead). The timers are configured
in aaa radius server configuration.

Sheraz.Salim · ‎01-28-2019

@Mohammed al Baqariwith respect the command is

show aaa-server

also this command can be used show run all aaa-server

please do not forget to rate.